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Abstract 


This thesis presents an approach for direct and efficient synthesis of self-timed (asyn- 
chronous) control circuits from formal specifications called Signal Transition Graphs (STGs). 
Control circuits synthesized from this graph model are speed-independent and capable of 
perfoming concurrent operation. The property of speed-independence means that the cir- 
cuit operates correctly regardless of variations in delays of logic gates, thus implying that 
the circuit is hazard-free under any combination of gate delays. The capability of STGs 
for explicitly specifying concurrent operations internal to a control circuit is unique to this 
model, unlike other approaches based on Finite State Machines. 


STGs are a form of interpreted Petri nets, in which transitions in a net are interpreted 
as transitions of signals in a control circuit. While other synthesis approaches based on 
Petri nets have not been very successful, we have developed a number of analytical results 
which establish the equivalence between the static structure of nets (their syntax) and 
their underlying firing sequence semantics—an analytical approach called structure theory 
of Petri nets. This equivalence permits the characterization of the low-level properties of 
control circuits in terms of STG syntax: the properties of deadlock-free and hazard-free 
of circuits are characterized as syntactic propeties of liveness and persistency of STGs. A 
preliminary STG specification of a control circuit can be modified into one which is live 
and persistent, from which a deadlock-free and hazard-free logic implementation can be 
derived mechanically. 


STGs allow efficient synthesis of control circuits by using a method of decomposition 
based on a graph-theoretic technique called contraction. Instead of implementing a logic 
circuit from a STG directly, it can first be decomposed into a number of contracted nets, 
one for each signal generated by the control circuit. A logic element can then be determined 
from each contracted net, and the composition of logic elements produces the final circuit 
implementation. 
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... All things entail rising and falling timing. You must 
be able to discern this. In strategy there are various tim- 
ing considerations. From the outset you must know the 
applicable timing and the inapplicable timing, and from 
among the large and small things and the fast and slow 
timings find the relevant timing, first seeing the distance 
timing and the background timing. This is the main 
thing in strategy. It is especially important to know the 
background timing, otherwise your strategy will become 
uncertain. 
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... All Signal Transition Graphs entail rising and falling 
signal transitions. You must be able to discern this. In 
our design method, there are various timing constder- 
ations. From the initial specification, you must know 
the allowed timing and the disallowed timing, and from 
among the large and small circusts and the fast and slow 
logic gates find the relevant timing, first seeing the dis- 
tance timing and the timing protocol at the interface. 
This ts the main thing in our destgn method. It is espe- 
ctally tmportant to know the timing protocol, otherwise 
your ctrcusts will not work. 


Chapter 1 


Introduction 


1.1 Objectives 


The main objective of this research is the development of a design approach for asyn- 
chronous self-timed VLSI digital systems. The core of our approach is a graph model 
called Signal Transition Graphs (STGs). STGs allow the specification and efficient synthe- 
sis of self-timed control circuits. Our approach produces speed-independent logic circuits 


which can perform concurrent operations. 


In the realm of VLSI, exploiting concurrency is a prerequisite to high-performance: as 
systems become larger and more complex, one can no longer afford to ignore the parallelism 
in control operations. The central control discipline which is well-accepted in present 
approaches creates difficulties in high-performance systems by imposing an unnecessary 
sequential order on the execution of control operations. In choosing a control discipline 
which allows for parallel execution of unrelated operations, one naturally moves toward 
a distributed control organization. Thus, instead of a large central controller, one has 
numerous distributed control modules which can operate concurrently. STGs allow the 
specification and synthesis of these types of control modules—not only that they can 
operate concurrently, but also each module itself can perform several control operations in 
parallel. 


By speed-independent circuits, we mean those circuits whose correct operation is inde- 


pendent of the delays of logic gates composing the circuits. One immediate consequence 
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of this property is that speed-independent circuits are always hazard-free. These types of 
circuits are desirable in VLSI systems because it is usually difficult to fine-tune the delays 
of logic gates to make an asynchronous digital circuit work properly. Perhaps most impor- 
tantly, the use of speed-independent circuits enables the separation of the correctness of 
systems from timing considerations (which inextricably depend on many physical factors 
and phenomena in VLSI circuits). It is no coincidence that a number of research efforts 
in silicon compilation have utilized speed-independent circuits as a basis for hardware 


implementation [1,42]. 


STGs allow the direct and efficient synthesis of control circuits from formal specifica- 
tions. Unlike previous efforts, the approach based on STGs produces a specification which 
closely reflects the designer’s intuition. Moreover, this approach produces efficient circuit 
realizations by using a number of decomposition techniques. While speed-independent 
circuits have been criticized for their inefficiency in implementation (and therefore speed 
and performance), our experiences with applying this graph model to designing VLSI chips 
have been much more encouraging. 


1.2 Background 


We can categorize research works in self-timed systems according to two attributes: the 
theoretical models on which the research is based, and the particular aspects chosen for 
study. In terms of models, there are finite automata and Petri nets [39,41], and variations 
of the two. With regard to aspects of study, the two chief areas of concern are composition 
of systems from modular descriptions, and synthesis of modules from specifications. The 
study of composition of systems from self-timed modules usually assumes the presence of a 
set of modules with a certain uniform communication discipline, and the investigation takes 
a system point of view in exploring properties of systems composed from the modules. The 
other area of concern concentrates on techniques for synthesis of control modules rather 


than on the composition and communication aspect of systems. 


Two prevalent concepts describing the properties of self-timed systems are delay-insen- 
sitivity and speed-independence [35,36,37]. While these are commonly used interchangeably, 
we often find that delay-insensitivity has connoted a stress on the communication aspect 


and hence, the composition of systems. Thus, this terminology denotes an ezternal prop- 
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erty of control modules. On the other hand, speed-independence is usually understood 
as a property of control circuits which operate correctly regardless of variation in delays 
of logic gates. Speed-independence emphasizes the synthesis aspect, hence is a property 


snternal to control modules. 


Regardless of the emphasis of these research works—whether on composition or on 
synthesis—they require a formal specification which must rest on the theoretical model 
chosen. We have found that Petri nets provide a better starting point for formally spec- 
ifying self-timed circuits, since Petri nets per se have capabilities for explicitly modeling 
concurrency. Also, automata theory originally concentrated on sequential systems. Not 
- until recently was the basic theory extended to cover aspects of concurrency, and not until 
even later was it applied to the area of logic design. 


Below, we briefly review some of the relevant works according to the outline above. 
In short, each proposal identifies a basic model which also serves as its formal tool for 
specification, and a focus of study (i.e. composition or synthesis). Interestingly, most 
of the works deal with only one of the two areas; and none of them provides a coherent 
framework for treating both synthesis and composition at the same time. This survey is 
by no means exhaustive; it only serves to highlight the more relevant results which fit more 
into our classification. 


Most techniques for synthesis of asynchronous logic are based on either some form 
of finite automata such as the Finite State Machine (FSM) model, or Petri nets. The 
most outstanding work based on finite automata models can be traced back to Muller 
[35,36,37], who originated the idea of speed-independent circuits. Recent work in trace 
theory [42,53,51] can be considered as a systematic reformulation of Muller’s idea: this 
refinement is made possible because of the recent attempts to extend automata theory to 


cover concurrent behavior of systems. 


Concerning synthesis approaches based on Petri nets, one of the most important early 
contributions was made by Patil and Dennis at MIT [15,17,16,38]. Patil invented asyn- 
chronous logic arrays as a systematic method of directly implementing Petri nets [38]. In 
an asynchronous logic array, columns of wires are connected to storage elements to simu- 
late the places of a net, while rows of wires decode the state of the columns to simulate 
the occurrence of transitions. Thus, this method of implementation transfers the structure 
of a net directly to hardware. Dennis has shown that Petri nets can be used to model 
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asynchronous hardware systems at many levels of description in a very clear and easily 
understood manner [15]. Dennis’ description of the control logic of the Control Data 6600 
computer, which embodied instruction look-ahead and interleaved execution, demonstrated 
this technique. Dennis and Patil also elucidated an organization principle for asynchronous 
hardware systems in which a system is partitioned into data paths and distributed control 
structures, the latter organized as asynchronous modules which communicate with each 
other using certain signaling protocols [17,16]. Based on this organization principle, we 
have successfully designed and fabricated a self-timed two-by-two packet router, a basic 
component of a packet communication network [10]. 


Works at Washington University have also made important contributions to the study 
of self-timed systems, most importantly the use of macromodules proposed by Clark [11], 
and experimental proof of metastability problem in synchronizers, together with design 
techniques for alleviating this problem [7,13,47]. Most recently, Molnar et al. [34] proposed 
the use of a form of Petri nets called J-nets for specifying behavior of control circuits, from 
which Interface State Graphs (ISG) are derived by simulating the I-nets. ISGs can then 
be encoded with binary states and serve as the basis for implementation of control circuits 
as standard Huffman asynchronous state machines. This idea was inspired by Seitz’s 
Machine-nets [46] but contained a number of improvements. 


Work at CalTech by Seitz resurrected interest in self-timed systems in the VLSI era, 
as reported in a chapter of Mead and Conway’s book Introduction to VLSI systems [32]. 
Currently, Martin [30] at CalTech proposed a design approach using constructs for non- 
deterministic programming to specify hardware modules whose behaviors exhibit only se- 
quencing and arbitration requirements. This approach uses a subset of Dijkstra’s guarded 
command language [18] to specify each process; concurrently cooperating processes are 
described using notations similar to Hoare’s CSP [25]. Heuristic procedures are used to 
“compile” a hardware implementation from a module specification into an interconnection 
of standard hardware templates such as And, Or, C-elements, etc. During the compilation, 
the technique of reordering signal transitions in a sequence is used to improve implemen- 
tation efficiency. 


Recently, there have been works which use trace theory as a formalism for specifying 
delay-insensitive circuits. Trace theory was pioneered by Mazurkievicz, who has recently 
made further contributions to this theory [31]. Trace theory has been used in the COSY 
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formalism invented by Campbell and Habermann [6] and in CSP. Rem, Snepscheut and 
Udding at Eindhoven have demonstrated the use of trace theory for classifying and rea- 
soning about composition of delay-insensitive circuits [42,53,51]. Trace theory has laid a 
firm theoretical foundation for further investigation of properties of concurrent circuits, as 
evidenced through recent works [5,45]. Perhaps one novel aspect of these works in com- 
parison with the others is a method for classification of delay-insensitive circuits according 


to properties of their trace structures [51]. 


There are a number of earlier works concerning the composition of systems from asyn- 
chronous hardware modules; many were reported at the Project MAC Conference on Con- 
current Systems and Parallel Computation (ACM, 1970). One notable study was made by 
Keller at University of Utah, in which he proposed the use of a set of “universal” control 
modules from which any control network can be constructed [28]. 


One of the important related works to self-timed systems is the use of temporal logic for 
verification of asynchronous hardware structures [19]. Such techniques can be used fruit- 
fully for correctness validation of self-timed circuits and systems composed from circuits. 
It may also be a candidate for a formalism for specification and synthesis of self-timed 


circuits. 


1.3 Problems with some previous models 


Below, we describe a number of well-known difficulties with some traditional approaches for 
designing asynchronous circuits. In particular, we discuss problems with the FSM model 
and with earlier attempts to apply Petri nets. By identifying these problems, we hope to 
illustrate the difficult practice of designing asynchronous circuits; this will motivate the 
search for remedies, some of which are provided by the approach we present in the following 
chapters. 


Traditionally, asynchronous circuits are designed using the FSM model. A method for 
realization devised by Huffman uses a flow-table and a circuit model for implementing the 
state machine, as described in textbooks such as [20]. This design approach is very difficult 
to use, especially for synthesizing circuits with many input variables. So far, it has limited 


applications because of problems caused by variations in gate delays, particular in the 
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feedback paths of the circuit. Some of the frequently cited disadvantages and limitations 


of this implementation model are: 


The Huffman state machine cannot handle unrestricted input changes. It was dis- 
covered by Unger [52] that in the Huffman state machine, if two input transitions 
occur within a time interval (i) less than min(D, + Dy), then they can be consid- 
ered as simultaneous, if (ii) greater than maz(D, + D;) then they can be consid- 
ered separate, and if (iii) less that maz(D, + Dy;) and greater than min(D, + D;), 
then the secondary state variable will not have settled and the circuit malfunctions; 
mazDz,, minD, denote the maximum and minimum delays of the combinational 
logic, and mazD;, minD; denote those of the feedback delays. (In general, minD; 
has to be greater than zero.) 

The FSM model cannot describe concurrent behaviors directly. The FSM model and 
the Huffman state machine are based on the use of central states. At any moment, 
the machine resides in one state and it reacts to input excitations in different ways 
depending on which state it is in. A serious drawback of this state-based approach is 
that it is incapable of describing concurrency directly. The reason is that the notion 
of concurrency is more conveniently expressed in terms of occurrences of events; at 
the level of description of the FSM model, this phenomenon is difficult to see. 


The state assignment problem. Since it is difficult to match gate delays to achieve 
simultaneous transition of state signals, one has to make sure that simultaneous 
changes in state signals do not occur, or if they do, the circuit must be designed 
such that it behaves the same no matter which sequences of state changes take place. 
Hence most state assignment techniques only allow at most one signal change between 
states. This is a well-known hard problem for which many heuristic techniques have 
been proposed. State assignments serve another purpose in the implementation of 
state machines, that of decomposition. This further complicates the issue, as an 
optimal state assignment for decomposition may be in conflict with the requirement 
for single signal changes betweeen states. 

The exponential dependence of the number of entries in the flow table on the num- 
ber of input signals. Due to the absence of a controlling signal called a “clock”, a 
Huffman asynchronous state machine continuously senses the changes in the input 
and produces changes at the output and the state variables. Therefore, in contrast 


to a synchronous implementation of a state machine, an asynchronous implementa- 
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tion requires the listing of all input combinations in the flow table, resulting in the 
exponential increase in the number of entries in the table. 


There are a few early proposals for implementation of asynchronous circuits from Petri 
net specifications, most notably Patil’s asynchronous logic array and Seitz’s Machine-nets. 
Patil’s proposal is more correctly viewed as a hardware implementation of Petri nets, 
rather than implementation of asynchronous circuits from net specifications, because his 
technique basically replaces an element in a net with a hardware circuit which simulates 
the behavior of that element. Hence the structure of the net is transferred directly to 
hardware and there is no direct way to ensure that the resulting asynchronous machine 
meets all timing requirements. The operation of this type of asynchronous logic arrays 


depend greatly on local timing, and meeting these timing constraints can sometimes be 
difficult. 


Seitz’s Machine-nets, on the other hand, serve only as specifications from which FSM 
descriptions can be derived. The synthesis of a Huffman state machine from such a de- 
scription still requires the standard techniques and therefore faces the same difficulties. 


1.4 Main contributions of this work 


We have developed a synthesis approach for self-timed control circuits from graph-theoretic 
specifications called Signal Transition Graphs, a form of interpreted Petri nets. As will be 


described in the rest of the thesis, our original contributions are the following. 


e A set of new analytical results for Petri nets which allows the study of net proper- 
ties purely from the syntax (or structure) of nets; we call this the structure theory 
approach. 

e The development of Signal Transition Graphs, a formal model for specification and 
direct synthesis of self-timed control circuits with concurrent deterministic operation 
and input choices. 

e A decomposition technique of nets based on a graph-theoretic notion called con- 
traction. This technique can be applied directly to Signal Transition Graphs, thus 
allowing highly efficient implementations. 
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e An extension of the Signal Transition Graph model to allow the specification and 


synthesis of data-dependent control circuits. 


1.5 Experimental results 


In early 1984, we set out to test our Signal Transition Graph model by designing and 
fabricating two self-timed chips through MOSIS. The first chip is a two-by-two packet 
router [10], a basic component of a communication network for a dataflow computer en- 
visioned at MIT [14]. The router was implemented in 3 micron CMOS technology with 
2456 transistors and a layout area of 3.1 x 2.3mm?. A total of 46 routers were tested and 
30 of them were fully operational with a maximum throughput rate of approximately 22 
Mbytes/sec.! The other chip fabricated was a self-timed ring buffer, a FIFO buffer with 
an interesting distributed organization which reduces the latency of the buffer to one stage 
delay [9]. This ring buffer consists of 8 stages and 9-bit wide data paths. It was fabricated 
in 4 micron NMOS technology and consumed an area of 3.15 x 2.25mm?, including pads. 
Six chips were received from MOSIS and tested; five were fully functional at a throughput 
rate of approximately 4 MBytes/sec. These encouraging results indicate that our proposed 
approach produces systems which are efficient both in terms of the amount of hardware 


and speed, perhaps comparable to synchronous implementations. 


Description of the Router 


The block diagram of the router is shown in Fig. 1.1. It contains two FIFO queues to 
hold packets sent in byte-serial format. Packets are of variable length, and an extra bit 
called Last-byte is appended to each byte to delimit the packet boundary. This bit is “1” 
for the last byte of a packet and “0” for all others. The first byte of a packet contains 
the address information. The router decodes the address and forwards the packet to the 
desired output port; an address bit of “0” will form a link from the current input port 
to the upper output port, a “1” will form a link to the lower output port. There are 
two system controllers, each consisting of a FSM and a distributed control structure. The 

Tn [10], the maximum throughput rate for the routers was reported to be 11 Mbytes/sec. This figure 


is for one input port. The above figure of 22 MBytes/sec reflects the fact that two input ports can process 
packets concurrently. 


1.5. EXPERIMENTAL RESULTS 9 


system controllers read the address and the Last-byte signals, and generate control signals 
for the output multiplexors. These control signals are determined from the first byte of a 
packet and recycled for the remaining bytes. The two controllers also communicate with 
each other, since packets from one input port may need to go to the opposite output port. 
If packets from both input ports require the same output port at the same time, an arbiter 


is used to resolve conflicts. 


Two main data path modules are the multiplexors, and the self-timed registers which 
constitute the FIFO’s. These modules consist of a data circuit and a stage controller 
which handles the timing and signaling protocol. These stage controllers are specified 
using STGs from which speed-independent realizations can be obtained using our synthesis 
techniques. The controllers contains control circuits which are also synthesized using the 
same techniques. The Resource Locking Module (RLM), a control module with data- 
dependent operation is treated in an example in Chapter 9. This module is used together 
with an arbiter [32] to control the access of the FIFO queues to the output multiplexors. 


Description of the Ring buffer 


The ring buffer is a FIFO queue organized in a two-dimensional or ring organization, as 
shown in Fig. 1.2. This queue consists of M linear queues, each of D stages, and two token 
rings for controlling input/output operation. The capacity of the queue is M x I and the 
latency is proportional to L. 


Writing into the FIFO queue is controlled by an Input token ring, formed by connecting 
I-modules together into a ring. The ring is initialized such that only one I-module contains 
the token, marking the next available empty register stage. Since the Write-request signal, 
carried on wire W,, is connected to all I-modules, an important timing restriction is that 
the token should not be passed on to the next module in the ring if the Write-request 
signal is still active. The Write-acknowledge on wire W, is the output of an OR gate 
(shown as a heavy bar with a + sign) whose inputs are acknowledge wires from all I- 
modules. Similarly, reading from the FIFO is controlled by an Output token ring, formed 
by connecting O-modules together. Data written into the linear queues ripple to their 
output side, ready to be gated onto the output bus. The Output ring is initialized such 
that only one O-module contains the token. This module then controls the timing and 
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Figure 1.1: Block diagram of the two-by-two packet router. 
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signaling for gating of data to the output bus. The Read-request signal on wire R, is the 
output of an OR gate whose inputs are request wires from all O-modules. Another timing 
restriction exists for the Output token ring: since the Read-acknowledge signal, carried 
on wire R, is broadcast to all O-modules, the token should not be passed on to the next 
module while Read-acknowledge is still active. 


Our FIFO queue design makes use of distributed control structures and local com- 
munication. There are only a few types of modules in this design, with modules of each 
type replicated as necessary to construct complete FIFO queues. The distributed control 
structure allows the exploitation of concurrency. Concurrent read/write supports a higher 
throughput rate. The FIFO queue is also completely data driven, hence no potential 
read/write conflict exists and there is no need for any arbiter. The distributed control 
organization of the FIFO lends itself naturally to a design using asynchronous, self-timed 
hardware modules. These control modules are specified using STGs and synthesized from 
such specifications. The Ring buffer which we fabricated is one with minimal latency 
(L = 1), with each of the linear queues containing exactly one stage. Registers in each 
stage have inputs connected to the input data bus, and outputs connected to the output 
data bus. 


1.6 Organization of thesis 


After the two introductory Chapters 1 and 2, this thesis is organized into three parts. 


Part I consists of Chapters 3-5, in which the basic theory of STGs is developed. This 
part gives an introduction to Petri net theory, discusses a number of relevant new results 
and shows how this theory is applied to STGs, a form of interpreted Petri nets. This is 
followed by an investigation of properties of speed-independent circuits, which translate 
to the properties of liveness and persistency in STGs. The material developed in this part 
allows the specification and synthesis of a basic type of speed-independent control circuit 
from STG specifications; these circuits can perform concurrent deterministic operation and 
(nondeterministic) input choices. 


Part II, consisting of Chapters 6 and 7, discusses a novel technique for decomposition 
of systems based on a notion called contraction. Here, the theoretical results for Petri nets 
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are developed and then applied to STGs, as demonstrated through a design example. 


Part III, consisting of Chapters 8 and 9, discusses an extension to the basic STG model 
to allow the specification and synthesis of control circuits with data-dependent operation. 
The main ideas are presented informally in Chapter 8, together with an example. Chapter 
9 develops the formal theory for our extension. 


Chapter 2 contains a summary of the STG model and the main theoretical results of 
Parts I and II. This chapter gives a broad outline of the detailed description which follows 
in Chapters 3 to 6. It is intended to provide enough knowledge of our methodology for 
immediate applications. Chapter 7 contains a substantial design example which can be 
studied without having to go through the technical details presented in Chapters 3-6. 
Chapter 8 gives an informal presentation of the main idea of our extension of STGs to 
allow the specification of data-dependent circuits. Thus, after Chapters 2 and 7, Chapter 
8 can be read to provide an understanding of the extension. 


The following is a more detailed description of each chapter. 


Chapter 3. A number of new results are developed for a useful class of Petri nets called 
live-safe free-choice nets; they constitute the theoretical basis for further investigation of 
our STG model. First, relevant works in Petri nets theory are reviewed, with particular 
emphasis on the study of structure theory, which is mainly concerned with the relation- 
ship between the syntax (structure) and the underlying semantics of nets. This chapter 
develops two new results: (a) It is demonstrated that the behavior of a free-choice net, as 
characterized by its set of transition sequences, can be obtained by concurrently composing 
the behavior of its component subnets. As a consequence, an algorithm is devised, allowing 
the construction of finite automata directly from the structure of nets by composing finite 
automata of subnets. (b) A relation called the temporal relation on the set of transitions 
of a net is defined. This relation is characterized based on the structure of nets and it 
allows for the syntactic determination of whether two transitions are ordered, concurrent 


or in confitct. 


Chapter 4. The materials developed in Chapter 3 are part of a formal theory based 


on Petri nets, and they may be useful for other applications as well. For our purposes, 
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we interpret elements of nets as physical entities of digital circuits: transitions of nets 
are identified with rising and falling transitions of signals in circuits—hence the name 
Signal Transition Graphs. In this chapter, we introduce the STG model, its syntax and 
semantics, and our design approach for direct synthesis based on STGs. We introduce 
state graphs and their properties related to physical switching circuits. The third concept 
in this chapter is network functions, defined as the sets of logic functions describing the 
operation of the circuits. Network functions can be determined directly from state graphs. 
We also discuss state assignment, being the process of assigning binary values to states 
in a finite automaton to produce a state graph. Although this is a well-known difficult 
problem in the classical approach based on the Finite-State Machine (FSM) model, for 
STGs it is done automatically for STGs by satisfying certain syntactic conditions. 


Chapter 5. We discuss two important properties of state graphs and STGs called kve- 
ness and persistency. Liveness is related to the continuous operation without deadlock of 
circuits; persistency is related to hazard-free operation of circuits. Persistency is strongly 
tied to the notion of speed-independence: a circuit is speed-independent iff its STG speci- 
fication is persistent. The equivalent syntactic characterization of liveness and persistency 
are developed for STGs. 


Chapter 6. A method of decomposition for nets called contraction is introduced. This al- 
lows the decomposition of state graphs through decomposition of their STGs. The purpose 
of decomposition of state graphs is to produce efficient implementations by minimizing the 
interaction between variables in the state graphs. While there exist only complex heuristic 
procedures for FSM approach, for STGs this can be carried easily using net contraction 
based on some structural information from the STGs. 


Chapter 7. This chapter concludes the second part of the thesis by providing a detailed 
design example of a self-timed controller for a successive-approximation A-to-D converter. 
We will go through the synthesis steps and illustrate the principles developed earlier. We 
also discuss a number of design choices available during certain steps of the synthesis 


process. 
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Chapter 8. Parts I and II of the thesis provide the ground work which allows one to 
specify circuit behavior in terms of STGs, obtain their state graphs and finally, produce 
a correct and efficient implementation by satisfying liveness and persistency. However, 
since STGs are based on free-choice nets, their expressive power is limited to that of 
free-choice nets. Since free-choice nets can specify concurrent operations and free-choices 
(nondeterministic choices), correspondingly, STGs can only specify concurrent operations 
and input choices (The reason for considering free choices in nets as input choices in STGs 
is that internally to a control circuit module, input choices appear nondeterministic.) In 
order to specify circuit operation with internal choices (data-dependent operation), one 


will need to rely on a more expressive class of Petri nets. 


In Chapter 8, we consider an extension to the STG model which allows the specification 
and synthesis of circuits with data-dependent operations. This extension marks a slight 
departure from net theory, as it is a notational extension in STG to represent an aspect of 
flow-control in state graphs, i.e., the ability to make a decision based on a priori knowledge 
when arriving at a state with conflicts. We discuss this extension and its semantics in 
terms of state graphs. Lastly, a design example of a two-cycle controller for first-in first- 
out (FIFO) circuits is presented. This controller is a data-dependent circuit which can 
perform concurrent control operations. 


Chapter 9. Chapter 9 describes an algorithm called ezpansion algorithm which allows 
the transformation of a STG specifying data-dependent operation into one which has only 
input choices. Another design example is given: the Resource Locking Module which is a 


part of the controller of the Router discussed earlier. 


Chapter 10. We discuss areas for further investigation with the aim toward a com- 
prehensive approach for automatically compiling self-timed VLSI systems from high-level 
descriptions. Another area of interest is that of optimization of asynchronous circuits based 
on particular implementation technologies and design methodologies. 


Chapter 2 


Signal Transition Graphs: An 
Informal Introduction 


This thesis presents an approach for the synthesis of self-timed control circuits from formal 
graph-theoretic specifications. The conventional approach consists of constructing a Finite 
State Machine (FSM) from some informal (e.g. textual) description and determining the 
logic equations for state and output variables from the FSM, as illustrated in the left 
branch of Fig. 2.1a. Unlike this approach, the basic idea of our approach can be described 
as follows. From an informal description, we construct a formal specification in terms of 
graphs called Signal Transition Graphs (STGs), a form of interpreted Petri nets. STGs can 
be considered as a higher level form of representation compared to FSMs in the following 
sense: from a STG, one can obtain a set of sequences of signal transitions which represent 
the behavior of a circuit; each transition in every sequence corresponds to a control event 
of a system. Under certain conditions, such a set of sequences forms a regular set, that is, 
it has an equivalent representation by a finite automaton. This finite automaton can be 
used as a basis for implementation, as illustrated in the right branch of Fig. 2.la. Thus, 
STGs serve as a more abstract and succinct way of representing finite automata with 
certain desirable properties. STGs are more abstract because these representations use 
transitions and a binary relation called the causal relation between transitions to describe 
behavior; the concept of state does not appear explicitly. Because of this, concurrency and 
other control situations can be described in very compact form. STGs are more succinct 
because they do not require a large number of states to describe concurrent occurrences of 


control events, in contrast to the case of finite automata. 
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Figure 2.1: (a) Two approaches for synthesis of control circuits. (b) A technique for 
guaranteeing correctness of implementation from high level specifications. 


The finite automata derived from STGs are a form of interpreted finite automata called 
state graphs, in which states are interpreted as binary vectors of signal values and transi- 
tions between states as signal transitions. State graphs can capture fundamental properties 
of logic circuits—most importantly the deadlock-free and hazard-free properties. These 
correspond to the properties of liveness and persistency, respectively. Since at the higher 
level of representation of STGs, we do not deal with these low level issues directly, we 
need to develop some method to ensure correct implementation. Our strategy is as fol- 
lows: First, we study how fundamental properties of digital circuits can be characterized in 
terms of state graphs. Then, by establishing a unique correspondence between STGs and 
their state graph representations, these properties can be formalized as syntactic properties 
of STGs, which can in turns be verified and satisfied at this level of specification. Hence, 
by developing corresponding syntactic conditions for liveness and persistency for STGs, 
we have a means for ensuring the correctness of an implementation from an abstract level 
of specification. This idea is illustrated in Fig. 2.1b. 


Another basic notion of our approach is that of behavioral equivalence. Some of the 
previous approaches have used Petri nets not only as a specification but also as a direct 
basis for implementation, in the sense that the structure of a net is directly transferred to 
hardware. In constrast, we use nets only as a behavioral specification from which a set 
of transition sequences with certain properties can be derived. Thus nets are considered 
as language generating devices. Even though this idea has often been studied from the 
viewpoint of formal language theory, our concern is much more focused and limited to 


direct and practical applications. 
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This chapter gives an informal introduction to Petri net theory and summarizes a num- 
ber of new results, including a simple method for determining the set of transition sequences 
and its equivalent finite automaton directly from the structure of a net, and a syntactic 
characterization of the temporal relation between transitions in a net. These results can be 
applied to STGs as they are merely a form of interpreted Petri nets. The chapter describes 
properties of state graphs, liveness and persistency, and their equivalent characterization 
in STGs. Lastly, it presents a method of decomposition based on the notion of contraction; 
such a decomposition technique is the key to efficient implementation. 


2.1 Petri Nets and Signal Transition Graphs 


2.1.1 Petri nets 


A Petri net is a bipartite directed graph, consisting of a finite set of transitions T, a finite 
set of places P and a flow relation F C Px TUT x P specifying a binary relation between 
transitions and places. A net is shown in Fig. 2.2a, in which transitions are drawn as bars, 
places as circles, and the flow relation as directed arcs. One common restriction is that a 


net be strongly connected in the graph-theoretic sense. 


Transitions can usually be interpreted as certain events in a control system, while places 
as the local conditions which become true or cease to be true due to the occurrence of some 
actions, as specified by the flow relation. A transition has input and output places, e.g. 
Ps, pa are input places of t3; ps, pe its output places. Similarly, a place has input and output 
transitions, e.g. t, is the only input transition of p3, t3 its only output transition. The net 
in Fig. 2.2a is a particular instance of an important subclass of nets called marked graphs, 
capable of describing systems with deterministic concurrent operation. 


A net as presented above describes the static structure of a control system. Its dynamic 
behavior is captured by its markings and the firing rule which transforms one marking to 
another. A marking M is a collection of places corresponding to the local conditions 
which hold at a particular moment; it is represented graphically as solid circles called 
tokens residing in these places. The initial marking is denoted as Mo; in Fig. 2.2a, Mo 
corresponds to {p;, p2}. The firing rule is the rule for “executing” a net: A transition is 
enabled if each of its input places contains at least one token. An enabled transition may 
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Figure 2.2: (a) A Petri net and (b) its reachability graph. (c) A STG which is an interpreted 
net of the net in (a), and (d) its state graph. (e) A STG of a circuit with input choices 
and (f) its state graph. 
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occur or fire; its firing consumes one token from each input place and puts one token in 
each output place. In Fig. 2.2a, both transitions t,,t2; are enabled in the initial marking 
Mo, the firing of t; moves the token from p, to ps, the firing of tg moves the token from p2 
to p4. 


The result of the execution of the net can be described by a form of interpreted finite 
automata called reachability graphs, as shown in Fig. 2.2b. Each node represents a state 
corresponding to a marking of the net; a labeled arc between nodes indicates the transition 
from one marking to another due to the firing of an enabled transition. Also, the initial 


state (corresponding to the initial marking of the net) is circled. 


This example illustrates two important points. First, unlike the FSM model, nets can 
specify concurrent control actions: if two transitions are enabled in the same marking 
and the firing of one does not interfere with the enabling condition of the other, given 
enough time, both transitions will eventually fire. In Fig. 2.2a, the fact that t, and t, 
are concurrent means that both transition sequences (or firing sequences) ...t;t2... and 
...tg¢,... are possible; they show up in the reachability graph of the net. Secondly, the 
net’s operation is totally asynchronous, as the firing of transitions depends solely on the 
availabity of tokens at their input places. 


We will stress the transition sequence semantics of nets: a net defines a set of transition 
sequences. For example, the set of sequences specified by the net in Fig. 2.2a can be given 


by a regular expression 
((tillte)ta(tallts te)”, 


where for transitions a and 5, a||b (concurrent composition) denotes the set {ab, ba}, ab 
(concatenation) denotes {ab} and a* (Kleene closure) denotes {¢,a,aa,...}; € is the empty 


sequence. 


Properties of nets 


Two important behavioral properties of a net with an initial marking are safeness and 
liveness, defined as follows. For a net with an initial marking Mp, it is safe iff in any marking 
reachable from Mo, every place contains no more than one token. For our purpose, only 
finite safe nets are of practical interest. A finite safe net is live iff its reachability graph is 
strongly connected and each transition in T is enabled in some marking of the reachability 
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Figure 2.3: (a) An unsafe net and (b) its reachability graph. 


graph. Note that this restrictive notion of liveness applies only to finite safe nets, and 
further it requires that all markings be reproducible.! The purpose of this requirement is 


to permit one to disregard the transient behavior during initialization of nets. 


We consider safeness as a fundamental restriction on nets; without it one cannot relate 
the structure of a net to the actual behavior which the net intends to describe. Fig, 2.3a is 
a simple example of an unsafe net, whose structure is intended to specify a choice between 
control actions t; and t2. This would have been the case had place p; contained only one 
token. However, due to the fact that place p,; contains two tokens, t; and tz each can fire 
twice consecutively, or both of them can fire concurrently. This behavior is recorded in 
the reachability graph shown in Fig.2.3b, with each marking described by a multiset of 
marked places (instead of a set) due to the multiplicity of tokens in the places. 


Unsafe nets create another fundamental problem in that the set of transition sequences 
derived from an unsafe net may not have an equivalent finite automata (FA) representation 


in case the number of tokens in any place grows without bound. 


Subclasses of nets and Structure theory 


We will be concerned with three important subclasses of nets called marked graphs (MG), 
state machines (SM) and free-choice (FC) nets. A marked graph is a net in which each 
place has at most one input transition and at most one output transition. Marked graphs 
represent the structure of deterministic concurrent systems. The dual notion of marked 
graphs is that of state machines. A state machine is a net in which each transition has 


at most one input place and at most one output place. State machines represent the 


In Fig. 2.4a, the initial marking {p1, p4} is a live-safe one; however, this marking is not reproducible. 
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Figure 2.4: (a) A LSFC net, (b) its MG-components resulting from MG-reductions and 
(c) its SM-components resulting from SM-reductions. 


structure of nondeterministic sequential systems. A free-choice net is a net such that if 
any two transitions t, and t, share the same input place p, then p is the unique input place 
of both ¢; and ¢2. Examples are shown in Fig. 2.4, where (a) is a FC net, (b) consists of 
marked graphs and (c) of state machines. We will restrict ourselves to a subclass of FC 
Petri nets as specifications of control systems which exhibit concurrent operations. FC 
nets represent an appropriate blend of concurrency and choice in specifying behaviors of 


circuits, and at the same time can be analyzed without much difficulty. 


Structure theory is a branch of net theory which emphasizes the relationship between 
the structure (syntax) of nets and their behavior (semantics). In our view, structure theory 
is vital to the practical use of nets, for it allows the characterization of dynamic properties 
of nets in terms of static (syntactic) ones. Hack [24] has devised a reduction algorithm 
which allows the decomposition of a free-choice net into sets of structural components: 


a FC net can be decomposed into a set of state-machine (SM) components or a set of 
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marked graph (MG) components, as shown in Fig. 2.4. An important theorem developed 
by Hack which is the cornerstone of the structure theory of Petri nets can be informally 
stated as follows. If a FC net is live and safe, then the set of MG-components resulting 
from MG-reductions covers the net. Alternatively, the set of SM-components resulting 
from SM-reductions also covers the net. On the other hand, if a FC net is either nonlive 
or unsafe, then some reduction does not cover the net or is empty, or some component is 
not strongly connected. For example, the FC net in Fig.2.4 is live-safe and its SM-and 
MG-components both cover the net. 


Hence, by using this theorem, we can determine if a net is live-safe by decomposing 
it into structural components. Later chapters describe more fully other important appli- 
cations of this theorem. Specifically, by using Hack’s theorem, we developed techniques 
for constructing a finite automaton directly from the structure of a net, and a syntactic 
characterization of the temporal relation, as will be described below. 


2.1.2 Signal Transition Graphs 


For the purpose of specifying behaviors of digital control circuits, we use a form of inter- 
preted Petri nets called Signal Transition Graphs (STGs), which are nets with transitions 
interpreted as rising and falling transitions of signals of a control circuit. Fig. 2.4c shows 
an example of a STG of a circuit with the set of signals denoted by J = {a, b,c}. This STG 
is one interpretation of the net in Fig. 2.2a, where the set of transitions T is interpreted 
as the set of signal transitions J x {+,—}. Since a control circuit has input, internal and 
output signals, we partition the set of signal transitions in the same way, and in the graph- 
ical representation, transitions of input signals are underlined. The fundamental difference 
between transitions of input and non-input (= internal + output) signals is that the former 
are caused by the external environment while the latter by the system. 


For simplicity, in a STG, we represent each transition by its name instead of using a 
bar with a label. Another important graphical abbreviation for STGs is that every place 
with one input and one output transition is not drawn explicitly; instead an arc is drawn 
directly between these transitions. Such an arc directly represents an instance of the causal 
relation, denoted by R, between transitions; informally, t; Rt, (read t, catises t,) can be 
understood as: the firing of t, brings the system into a state (marking) in which ft, is 
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enabled (and hence may fire). 


The reason for using the causal relation and ignoring places with one input and one 
output transitions is that, from the viewpoint of firing sequence semantics, the behavior of 
a net (or STG) is adequately defined by its set of transition sequences. For a sufficiently 
expressive class of nets called live-safe free-choice (LSFC) nets, we will be able to show that 
their sets of firing sequences are regular in the sense that the latter have equivalent finite 
automata representations. For example, the STG in Fig. 2.2c defines a set of sequences 
which has the equivalent finite automaton (FA) shown in Fig. 2.2d, which is isomorphic 
to the reachability graph of Fig. 2.2b. This FA can be interpreted into a state graph by 
(i) identifying transitions between states with signal transitions and (ii) assigning binary 
vectors representing the values of signals in the circuit to nodes. For state graphs, this 
state assignment is very simple and can be carried out mechanically, as will be described 


later. 


The STG in Fig. 2.2c specifies the behavior of a control circuit with deterministic 
concurrent operation. Fig. 2.2e shows another STG specification of a trivial circuit with 
input choices; its state graph is shown in Fig. 2.2f. The input choice is specified by a 
place with two output transitions a, and 6,, which are transitions of input signals a and 
b. Whenever p is marked, then both output transitions are enabled and one is chosen 
nondeterministically to fire; its firing will disable the other transition. In Petri nets, such a 
situation is called a free chotce. In STGs, we limit output transitions of a free-choice place 
to those of input signals because internal to a system, a choice made externally would 


appear as if it is nondeterministic. 


We have the following important remarks concerning the formalization of STGs as 


interpreted Petri nets. 


First, STGs are nets with interpreted transitions but places have no interpretation; in 
particular, we do not interpret places as states of signals resulting from the firing of signal 
transitions. The reason is illustrated in the following example. In Fig. 2.2a, transition t, 
is interpreted as a,. Suppose further that its output place p3 is interpreted as signal a 
becoming a logical “1”. Then whenever ¢, fires, indicating a positive transition of a, place 
p3 is marked with a token indicating that signal a has become 1. Note, however, than 
when 73 fires subsequently, this token is taken away, implying that signal a is no longer at 


value 1. In reality this is not true because the value of a will not change until a_ occurs. 
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This is an important observation to which we shall return later. 


Second, despite the fact that STGs are interpreted nets, we have chosen to call our graph 
model Signal Transition Graphs, rather than Nets, in order to emphasize the important role 
of the static structure of nets in our application. A Petri net can be viewed as consisting of 
an underlying structure which is a graph, and a marking which indicates the distribution 
of tokens in the graph at some moment. Structure theory, as mentioned earlier, allows 
the direct association of static net structures to their underlying semantics. This thesis 
develops a number of techniques for manipulating the structure of nets (with little concerns 


about markings) which allow direct synthesis of the underlying finite automata. 


2.1.3 Relation between Petri nets and Signal Transition Graphs 


It is important to note that STGs can be considered simply as a class of LSFC nets with 
certain structural restrictions due to the interpretation of transitions. One such restriction 
is that STGs always contain an even number of transitions due to the fact that associated 
with every signal is a pair of signal transitions. Another restriction arises from the need 
to simulate the interface behavior of a control circuit: in a STG, if ¢ is a transition of an 
input signal, then we require that t have exactly one transition, say t’, which causes it: 
t/Rt; furthermore, t’ must be a transition of an output signal. In Fig. 2.2c, each transition 
of input signals a, 6 is caused by exactly one transition of output signal c. There are other 


restrictions which we will present later. 


Just as a STG is an interpreted net, its state graph is an interpreted FA which can 
be obtained in a similar fashion as reachability graphs. The relationship between nets, 
STGs and state graphs is depicted in Fig. 2.5. The top part of this figure is a syntactsc or 
structural classification of nets. For instance, the class of FC nets is a subset of the class 
of Petri nets, and so on. LSFC nets are a subclass of FC nets, with the properties of live- 
safeness characterized structurally by Hack’s reduction theorem mentioned at the end of 
Section 2.1.1. STGs constitute a subclass of LSFC nets. The subset of live-persistent STGs 
corresponds to those STGs whose state graphs are live and persistent. Live and persistent 
state graphs can be transformed into deadlock-free and hazard-free (speed-independent) 
logic circuits, as indicated by arrow (5). 


The middle part of Fig. 2.5 contains classes of finite automata, which can be considered 


26 


CHAPTER 2. AN INFORMAL INTRODUCTION 


Lave-persistent 
STGs 


Deadlock-free 
Speed-tndependent 
Logic circutts 


Figure 2.5: Structural classification of classes of nets and their equivalent finite automata. 
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as the low-level semantics of nets. The two-headed arrows indicate the equivalence between 
them and classes of nets. Earlier, we stated that safe nets have equivalent FA representa- 
tions; such an equivalence is indicated by arrow (1) for finite safe FC nets. The class of 
LSFC nets have equivalent FA which are live, as indicated by arrow (2), this equivalence 
is the subject of investigation of Section 2. Of main interest in Fig. 2.5 is the equivalence 
indicated by arrow (4) between live-persistent STGs and state graphs; this equivalence is 
studied in Section 3. 


It is crucial to realize that while safeness can be considered purely as a net-syntactic 
property, liveness and persistency are defined as properties of finite automata. Thus, live- 
safe FC nets are safe FC nets whose FA are live; similarly, live-persistent STGs are STGs 
whose state graphs are live and persistent. The important point is that even though liveness 
and persistency are defined as properties of state graphs, one can derive the equivalent 
syntactic conditions for STGs, just as in the case of LSFC nets. For LSFC nets, the 


syntactic conditions for live and safeness are stated in Hack’s decomposition theorem. 


2.2 Semantics of nets/Behavioral equivalence 


There are two approaches to defining the semantics of Petri nets: one based on sequences 
of transitions (firing sequences), the other on partial orders of transitions and places. For 
safe nets, their semantics can be given both in terms of firing sequences and partial] orders: 
By using the firing rule and an initial marking, one can simulate the operation of a Petri 
net to obtain the firing sequences; on the other hand, Petri nets can be unfolded into 
partial orders called processes [23]. 


We will be mainly interested in the firing sequence semantics of Petri nets. One fre- 
quently cited problem with using firing sequence semantics is illustrated in the following: 
Given a set of firing sequences describing the behavior of a very simple system {ab, ba} 
(Fig. 2.6a), it is unclear whether this set corresponds to a net in which a and 6 are con- 
current (Fig. 2.6b) or in conflict (Fig. 2.6c), where all transitions are labeled. 


It is clear that this problem arises due to the labeling of two transitions with the same 
labels in Fig. 2.6c. If such a labeling is disallowed, problems of this kind will never arise 
and the system {ab,ba} always corresponds to the case of concurrency. Hence we allow 
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(b) (c) 


Figure 2.6: (a) The equivalent FA of the set {ab,ba} and two interpretations: (b) con- 
currency, where 7(ti) = a, y(t2) = 5; 7 is a labeling function, (c) conflict, where 
y(ti) = y(ta) =a, Y(t2) = y(ts) = 5. 


only unlabeled transition sequences. In the formulation of STGs, instead of using a labeling 
function to label transitions of a net with signal transitions, ie. y: T — J x {+,—}, we 
have chosen to make a direct interpretation: T = J x {+,—} to avoid the problem just 


mentioned. 


2.2.1 Behavioral Equivalence 


For our purpose of synthesis from net specifications, the main advantage of using sequence 
semantics is that it allows freedom in the implementation from a specification. Given a net 
specification of a control systems, any other net which exhibits the same set of transition 
sequences as the original one is considered equivalent to it; this is the notion of behavioral 
equivalence. The like notion of “structural equivalence” is not a particular useful one, as it 
requires two nets which are equivalent in this sense to have identical structures. The simple 
example in Fig. 2.7 shows two nets which are behavioral equivalent but not so structurally. 
If one is concerned only about the behavior (in terms of transition sequences), then the net 
in Fig. 2.7a contains a redundant place which can be removed without altering the net’s 
behavior. 


From a technical point of view, sequence semantics are easier to handle than semantics 
based on processes. As will be made clear in this thesis, most results for LSFC nets 
are proven by considering their sets of transition sequences. These include important 
properties such as liveness, and properties concerning the composition and decomposition 


of nets. 
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(a) (b) 


Figure 2.7: Two nets which are behaviorally equivalent. 


2.2.2 Important Analytical Results for Nets 


In this section, we summarize a number of fundamental results which are proven in Chapter 
3. These results serve as the basis for later developments. One important result is the 


following 


The set of firing sequences of a LSFC net is regular, t.e. it has an equivalent 


finite automata representation. 


Algorithm for constructing finite automata for LSFC nets 


The above result is proven by demonstrating a procedure for constructing an equivalent 
automaton from a LSFC net; the basis for such a construction algorithm is given by the 
following result (Theorem 3.8): 


The equivalent finite automaton of a LSFC net is obtatned by weaving (concurrent- 


composing) the finite automata of a set of SM-components which cover the net. 


Note that a FA equivalent to a state machine is identical to the state machine itself 
and hence, can be readily derived from the SM-components of a LSFC net. Let FS, and 
FS, denote sets of transition sequences of two finite automata F'A; and F'Ag, respectively. 
The weave of F'S, and F'S, is defined as (Def. 3.7) 


FS,||F'S, = {0 € (% UT2)* | o[T, € FS; A o[T, € FS}, 
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Figure 2.8: (a) The set of covering SM-components for the net in Fig. 2.2a. (b) The 
equivalent FA of the SM-components and (c) their weave, which results in the equivalent 
FA of the net in Fig. 2.2a. 


where T; and T; are sets of transitions of the FA; o[T; denotes the projection of a sequence 
o onto the set T;. The weave of two FA, F'A;||F'A;, is defined as a FA whose set of 


transition sequences is given by F'S,||F'S2. 


The marked graph in Fig. 2.2a is a special case of LSFC nets, which can be decomposed 
into a set of covering SM-components (Fig. 2.8a), each being a simple cycle containing one 
token. The FA corresponding to these SM-components are shown in Fig. 2.8b; their weave 


results in the FA for the marked graph, as indicated in Fig. 2.8c. 


Temporal relation in LSFC nets 


Another result of fundamental importance developed in this thesis could be categorized 
as a result in the structure theory of Petri nets. Given a LSFC net, it is generally not 
possible to tell whether two transitions are ordered or concurrent merely by inspecting the 
structure of the net. For instance, the marked graph shown in Fig. 2.9 (called a necklace of 
length 4) has three different initial markings as indicated, each resulting in a distinct set of 
firing sequences; that is, this net has three equivalent classes of live-safe markings—every 
two markings in each class are mutually reachable. In case (a), the set of firing sequences 


is given by the expression (ttgtst,)*; in case (b), it is (tit4tstz)*; lastly in case (c), it is 
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Figure 2.9: (a) A FC net with three different equivalent classes of live-safe markings. Some 
of its SM-components contain two or three tokens. 


to((ti{}¢3)(t2||t4))*. In cases (a) and (b) all transitions are ordered, even though they are 
ordered in different ways. In case (c), t; and t3 are concurrent, and so are tz and ty. For 
each of these cases, there exists a set of covering SM-components which are simple cycles 
with one token. Note, however, that there are also cycles with two or three tokens. Since 
by definition a state machine net must contains exactly one token, such a cycle with two 


tokens is not a legitimate SM-component. 


In order to allow for syntactic characterization of the temporal relation between tran- 
sitions in a net, we shall make the following fundamental restriction. The original result 
by Hack, as described in his Well-formedness theorem, states that a FC net is live-safe iff 
when SM-reductions are applied to it (i) every SM-reduction is a collection of one or more 
marked SM-components and (ii) the reductions cover the net. Note that this condition 
does not require that every SM-component of the net contains one token each; it is possible 


for some SM-components to contain more than one token, as illustrated by the example 
above. 


Our temporal characterization based on syntax only works for nets which satisfy the 
one-token SM restriction: 


Every SM-component of a LSFC net contains exactly one token. 


Hence, if net satisfies this restriction, any of its SM-components containing more than 
one token 1s unsafe and will cause the net to be unsafe. In this thesis, we will be mainly 
interested in LSFC nets which meet this restriction. This is not as restrictive as it seems: 
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First, any LSFC nets not satisfying this restriction can usually be decomposed into subnets, 
each of which satifies it. Secondly, many other models of concurrent systems including CSP 
[25], path expressions [6], etc. require that every basic module be a sequential process— 
concurrency is achieved by having many sequential modules communicating with each 
other. In contrast, our one-token SM restriction does not require each basic module to be 


a sequential process. The advantages for introducing this restriction are: 


e It allows a simple and useful characterization of the temporal relation between tran- 
sitions based solely on the structure of the net. One example of this characterization 
is that two transitions are ordered iff they belong to the same simple cycle in a LSFC 
net. Such a characterization is correct only when every simple cycle contains exactly 


one token. 


e Each net in this class of nets has exactly one equivalence class of live-safe markings 
and furthermore, the equivalence class can be determined directly from the structure 
of the net. This has profound implications since in general, a LSFC net may have 
more than one equivalence class of live-safe markings if some of its SM-components 
contain more than one token (an example has been given in Fig. 2.9). The problem 
of determining all different classes of live-safe markings is a major difficulty in net 
theory [Hol74]. Moreover, if a net has only one equivalence class of markings, it is 
possible to determine all markings in this class directly from the structure of the 
net. Therefore, the concept of an initial marking serves merely as an indicator of 
the starting state of a net and plays no significant role in the synthesis from net 
specifications. 


Under the one token SM restriction to LSFC nets, we can define a relation called the 
temporal relation tr = T x T. The temporal relation is a binary relation on the set of 
transitions (and can be extended to include places) of a LSFC net, and is defined based 
on the structure of nets. It allows one to determine syntactically whether two transitions 


are ordered, concurrent or in conflict. 


In the following, we give the net-syntactic definition of symmetric binary relations 
li, co, cf and dc on the set of transitions; they stand for ordered, concurrent, conflict 
and direct-conflict, respectively. In a LSFC net, two transitions t and t' are (a) ordered, 


denoted as {t, t’} € li iff there exists a simple cycle containing both of them; (b) concurrent, 
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Figure 2.10: Portion of a reachability graph showing t and t’ are (a) in direct-conflict (b) 
concurrent (c) ordered or in indirect-conflict. 


denoted as {t, t’} € co, iff there exists a MG-component containing both of them, but not 
in the same simple cycle; (c) otherwise, they are in conflict, denoted as {t,t’} € cf. One 
special case of conflicts is a direct conflict, denoted by {t, t’} € de, iff there exists a place of 
which ¢ and ?¢’ are output transitions. For example, in Fig. 2.4, {t),t4} € li, {ts, te} € co, 
{t2,t3} € cf and {t,,t2} € de. 


The above classifications of the temporal relation are based on the syntax of LSFC 
nets. It can be proven that these correspond to the normal understanding of ordering, 
concurrency. and conflict in terms of firing sequences. For a LSFC net, there exists a cor- 
respondence between an element of the temporal relation and a situation in a reachability 
graph of the net, as illustrated in Fig. 2.10. In this figure, dotted arcs are used to indi- 
cate explicitly those transitions which cannot occur; dashed arcs indicate directed paths 


between markings. 


Another result concerning this syntactic characterization is the following. In a LSFC 
net satisfying the one-token SM restriction, if we define the temporal relation on the set of 
transitions as tr = T x T, then it can be shown that (Theorem 3.16): 


li, co and cf partition the temporal relation tr into disjoint subsets, and tr = 
liUco Uef. 


The above syntactic characterization plays an effective and complementary role to the 
construction algorithm developed earlier: In a net, while the temporal relation allows the 
syntactic characterization of a behavior specification (i.e. whether certain control events 
are concurrent or in conflict, etc.), the finite automaton obtained from the net provides 
the basis for further analysis and synthesis. Hence, we have introduced enough analytical 
results to permit the use of nets as formal specifications of control systems, which can be 
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viewed as high level representations of finite automata for the purpose of implementation. 


2.3 Properties of State graphs 


In this section, we briefly discuss interpreted finite automata called state graphs and their 
logic implementations, as described by network functions. A network function is simply 
a set of logic equations for non-input signals in a circuit, and it can be obtained directly 


from a state graph. 


We will further explore two important properties of state graphs called hveness and 
persistency and derive corresponding conditions on STGs. As mentioned earlier, these 
will appear as syntactic conditions on STGs, and by satisfying them, correct hardware 
implementation is guaranteed: simply, a control circuit is deadlock-free and hazard-free if 
its STG specification is live and persistent. 


2.3.1 State Graphs and Network Functions 


In the construction of an equivalent FA from a set of sequences, a state is an abstract 
concept, defined as an equivalence class of sequences with the same postfixes; there is no 
apparent relationship between a state and the transitions enabled in it. However, for state 
graphs obtained from a STG, not only do we require that it be a FA equivalent to the set 
of sequences defined by a STG, but we also require that states be interpreted as binary 
vectors representing the values of signals in a circuit. There is a direct connection between 
states and transitions: states are vectors of values of a set of signals, whereas transitions 
are transitions of the same set of signals. For example, in Fig. 2.2d, the control circuit 
is comprised of the set of signals J = {a,b,c}. Hence in its state graph, every state is 
interpreted as a binary vector representing the values of signals in the ordered set (a, b,c) 
and every transition is a signal transition in J x {+,—}. Such a connection requires that 
every state s be assigned values in a manner consistent with transitions from s. For a signal 
j € J, let s(j) denote the binary value of signal j in state s, and j, denote a transition of 
j (either j, or j_). Also let s[t)s’ assert that the occurrence of transition ¢ in a state s 
takes the system to another state 3’; t is said to be enabled in state s. In a state graph, if 
s[t)s’ where t = j,, then s, s’ and ¢t must together satisfy the following condition: if t = j4 
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then s(j) = 0, s'(7) = 1; if t = j_ then s(j) = 1, (7) = 0. In which case, the triple (s, t, s’) 
is called consistent, and s,s’ are adjacent. For example, in Fig. 2.2d, s = 000, ¢ = b, and 
s’ = 010. 


A state graph is said to have a consistent state assignment iff the above condition holds 
for all states in the state graph. A state graph has a corresponding logic implementa- 
tion described by a network function which can be determined from the state graph. A 
network function consists of a set of logic equations, one for each non-input signals to be 


implemented. 


In a state graph, the logic equation for every non-input signal j can be determined as 
follows. For states s, 3’ and transition t such that s[t)s’, s’ is called a nezt-state of s. Fora 
signal j, its implied value in state s, denoted by f(s, 7), is determined by: if t is a transition 
of signal j, i.e. t = j., then f(s, 7) = 3(j); otherwise f(s,7) = 3(j), where 3(j) denotes the 
complement of s(j). Notice that in a state graph, it is often the case that a state s has 
more than one next-states s’; however, each state can have exactly one implied value. The 
logic equation for 7 is determined from the set of implied values of j in all states. This 
can be done conveniently by transferring the state graph to a Karnaugh map (K-map) 
such that in a square of the K-map corresponding to some state s, the implied value of s 
is written. For example, to determine the logic equation for signal c, the state graph in 
Fig. 2.2d can be transferred to a K-map; and it can be verified easily that c = a.b+c(a+6). 
This is illustrated in Fig. 2.2g, and the logic function is precisely that of a C-element. 


2.3.2 Liveness and Consistent State Assignment 


In the process of obtaining a state graph from an STG, we first determine the equivalent 
FA of the STG and then perform state assignment for the FA. Performing state assign- 
ment is essentially interpreting the FA. In the last section, the concept of consistent state 
assignments has been described. It follows that in every simple cycle of a state graph with 
consistent state assignment, the numbers of ¢ and ¢ transitions must be equal, and t, ¢ must 
alternate; where t,? denote a pair of complementary signal transitions. We have derived 
the following corresponding condition on a STG for its state graph to have a consistent 


state assignment (Theorem 4.8). 
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A state graph of a STG has a consistent state assignment iff every pair of 


transitions t,t is ordered. 


The continual operation without deadlocking of control systems is the property of 
liveness. A state graph of a control system is called live iff its uninterpreted FA is strongly 
connected and has a consistent state assignment. If the state graph is strongly connected 
then all of its transitions occur infinitely often in some transition sequences. 


A STG is said to be lve iff its state graph is live. The syntactic conditions on a STG 
so that its state graph is live are the following. (Theorem 5.1) 


A STG is live iff (i) its uninterpreted net ts a LSFC net, and (11) every pair of 


transitions t,t ts ordered. 


Condition (i) guarantees that the FA is strongly connected; condition (ii) guarantees that 
the interpreted FA (i.e. the state graph) has a consistent state assignment. Recall that a 
strongly connected FA is said to be live. An example of a live STG and its state graph are 
given in Fig. 2.2 above. 


2.3.3. Persistency 


Persistency is one of the most important properties of state graphs. Persistency is an 
important concept because it is the essential property of speed-independent circuits. It 
is also the most complicated to deal with because there may be a number of mechanisms 


involved. 


In a state graph, a transition is persistent iff when it is enabled, the occurrence of some 
other transition does not disable it. This situation is illustrated in Fig. 2.1la: transitions 
t and u are enabled in state s and s[t)s,, s[u)s2. ¢ is persistent, as the occurrence of u 
does not disable it. On the other hand, u is non-persistent because it is disabled by an 
occurrence of t and hence not enabled in s,;. The disabling of u must have been caused by 
the occurrence of transition t, as t is the only transition which occurs in going from state 
s to s,. In which case, t must be a transition of an input to a logic element of which u is 


a transition of its output signal. 
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Figure 2.11: (a) A non-persistent state graph and (b) its corresponding STG. (c) By adding 
a persistency constraint, non-persistency can be eliminated from the state graph (d). (e) 
To maintain the concurrency between u and ?, an internal transition + can be introduced. 


We have developed the corresponding syntactic characterization on STG for non- 
persistency, as illustrated for a live STG in Fig, 2.11b: (Theorem 5.4) 


In the state graph (Fig. 2.114), transition u is non-persistent iff in the corre- 
sponding STG, t,u are concurrent and tRu. 


This can be appreciated by considering the corresponding hardware implementation: 
the course of action tRu is implemented by a hardware element with f as one of its input 
transitions and u is a transition of its output signal. Concurrency between t and u implies 
that while the hardware element is reacting to ¢ to cause u, t may be occurring simultane- 
ously at the input of that hardware element. This is commonly known as a race condition 
in hardware circuits and can lead to malfunction. 


A persistency constraint is an ordering constraint between two transitions, namely from 
u to t as illustrated in Fig. 2.11c, used for eliminating this non-persistent behavior. The 
resulting state graph in Fig. 2.11d is persistent. 


A general condition of our design methodology is that transitions of input signals to 
the system are always assumed to be persistent. The reason for this assumption is that 
even if two transitions of input signals appear to be enabled in the same state, in the larger 
system comprising the original system and its environment, they may indeed be enabled 
in different states. 
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A STG is said to be persistent iff its state graph is persistent. Hence, 


A STG is persistent iff for every non-input signal j, every transition of j caused 


by a transition x is ordered with Z. 


A remark about Persistency. 


Earlier, when introducing STGs as a form of interpreted Petri nets, we mentioned a reason 
why places are not interpreted as states of signals. This is indeed a fundamental limitation 
of our attempt to use LSFC nets to model behavior of logic circuits. As a matter of fact, 
STGs cannot model circuits which have hazards because these circuits correspond to non- 
persistent STGs. Consider the STG in Fig. 2.11b. Without a persistency constraint from 
u to t (as indicated in Fig. 2.11c), the following problem would arise. After transition tf 
fires, each of its output places (not shown) gets a token. Since u and ¢ are concurrent, the 
token on the left branch may move to the input place of t while u has not fired. Since ¢ 
and ¢ are transitions of the same signal (say j), what should really happen when ¢ fires 
subsequently is that the token at the input place of u also disappears. This is because the 
presence of this token should be used to indicate the state of signal j after ¢ fires. Since t 
has fired, changing the state of j again, this token must disappear. 


It is clear that such a disappearing token is not allowed by the firing rule of Petri nets. 
Hence in order not to have to deal with this problem, we require that all transitions in 
a net (except those of input signals) satisfy the persistent constraint. The ramification 
of this restriction is that STGs cannot model arbiters and similar circuits with hazards. 
Note, however, that this does not include circuits with input choices which can still be 
specified by STGs (as illustrated by Fig. 2.2e). Hence, an arbitration can always be turned 
into an input choice by using an external arbiter. 


2.3.4 A synthesis procedure 


The following synthesis procedure summarizes the ideas discussed so far. From a textual 


description of a control circuit, we perform the following steps. 


(1) Construct a STG specification according to the description. 
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(2) Check the syntax of the STG for liveness. 

(3) Check the syntax of the STG for persistency. (If non-persistency exists, eliminate it 
by adding persistency constraints and/or additional internal signals. ) 

(4) Check the syntax of the STG for state assignment problems. 


(5) Derive the equivalent FA of the STG and perform state assignment to produce a state 
graph. (If the STG is live then its state graph has a consistent state assignment.) 
(6) Determine the network function from the state graph. 


The logic circuit is simply the realization of the network function. The phase of trans- 
forming a live-persistent STG into a logic circuit can be done mechanically. However, 
transforming an initial STG specification into a live-persistent one may require interac- 
tions with the designer. Even though checking for liveness and persistency of STGs can be 
performed by simply checking the syntax of STGs, there is usually more than one way to 
eliminate deadlocks and non-persistency. For example, non-persistency in Fig 2.11b can be 
eliminated either (i) by adding a persistency constraint directly to the STG (Fig. 2.11d) 
or (ii) by first introducing an internal transition z and then adding the persistency con- 
straint. In case (i), concurrency in the specification is reduced, thus reducing the number 
of transition sequences allowed. In the second case, concurrency is maintained at the cost 
of introducing more signal transitions (and hence more hardware). Whichever choice is 
better—limited concurrency vs. ezternal behavioral equivalence—is to be decided by the 


designer. 


We caution the reader that step (4) is another possible mechanism which may cause 
non-persistency in the state graph; it is a by-product of the state assignment process and 
has no relation to the sequencing specification of a STG. Nonetheless, we still can establish 
a syntactic characterization of this problem for STGs, as presented in Chapter 5. In Section 


2.5, we present an example of this problem and discuss its implications. 


2.4 Decomposition by Net Contraction 


The above synthesis procedure simply consists of going from a live-persistent STG toa 
state graph then to a logic implementation. There is a simple method for decomposing 
the state graph into smaller subgraphs, from which an efficient implementation can be 
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obtained. This decomposition technique is based on a graph-theoretic operation called 
contraction. The general strategy is illustrated in Fig. 2.12 which shows the steps for the 
synthesis of a trigger module, a control module for implementing pipelined operation of a 


processign system. 


The STG specification of this module (Fig. 2.12a) satisfies the syntactic properties of 
liveness and persistency. Its state graph is shown in Fig. 2.12b, from which an implementa- 
tion can be obtained (Fig. 2.12e). This path a—-b-e adheres to the synthesis steps described 
previously, where no decomposition is used. The alternate path a-c—d—e demonstrates our 


decomposition technique, as described below. 


First, for each signal to be implemented in {I,,O,}, a contracted net is determined for 
it, as shown in Fig. 2.12c. In the STG, transitions of signal J, are caused by transitions 
of signals J, and O,, but not O,. Thus in the contracted net of I,, transitions of O, 
can be eliminated. Besides transitions of signal J,, the contracted net of J, only contains 
transitions of signals which cause transitions of J, in the original STG. These signals 
{I,,O,} form the input set of I,, denoted as I(I,). In the implementation (Fig. 2.12e), 
signals in this set are input signals to the logic element J,. A contracted net is obtained 
by removing unwanted transitions from the original STG, in such a way that the temporal 
relation between remaining transitions is preserved. The left STG in Fig. 2.12c is the 
contracted net of I,, obtained by removing transitions of signal O,; similarly, the right 
STG is the contracted net of O,, obtained by removing transitions of signal J,. The 
dashed arcs in the contracted nets of (c) indicate redundant causal constraints which can 
be removed. 


It is important to note that in the contracted net of a signal j, only transitions of j are 
considered as output, other transitions in the input set of j, I(j), are considered as inputs 
to the logic element j. The implication is that since transitions in I(j) are inputs, they 
are persistent. Their persistency must be guaranteed by other part of the circuit which 


has its own corresponding contracted net. 


Using exactly the same technique as before, each contracted net produces a state graph 
from which the logic equation for a signal can be determined. In this example, the final 
hardware circuits are the same whether decomposition is used or not. However, in general, 
the circuit obtained from decomposition is usually more efficient. 
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The dashed arrows from (a) to (c) and from (b) to (d) indicate net contractions and 
state graph contractions, respectively. The arrows from (b) to (d) indicate the fundamental 
reason this technique of decomposition yields a logic circuit with the same behavior as 
one obtained without decomposition: state graphs obtained from the contracted nets are 
themselves contracted versions of the state graph in (b). A contracted state graph is 


obtained by simply “ignoring” the uninteresting transitions. 
y simp & & 


The major net-theoretic results which serve as the basis of this decomposition technique 
are the following (Fig. 2.13a). Let © denote a LSFC net satisfying the one-token SM 
restriction, and ® its equivalent FA. Let {Dj,...,/,} be a set of contracted nets of D such 
that each £{ contains a subset T; C T, where T is the set of transitions of D. A contraction 
preserves the temporal relation if two transitions which are ordered (concurrent, in conflict) 
in the original STG remain so in the contracted net. For each Di, let ®; be its equivalent 
FA. Then (Theorem 6.11) 


If the contractions preserve the temporal relation, then every is a contracted 
state graph of ®. 


The state graphs in {®/,..., ®/} form a collection of concurrently operating state ma- 
chines. The aggregate behavior of this collection is defined as the concurrent composition 
of all components, obtained by weaving them: 9}]||... ||®/. 


The following result establishes the behavioral equivalence between the LSFC net and 
its set of contracted nets. (Theorem 6.12) 


If the causal relation of every pair of transitions in D (i.e. Wt, t’E T : tRt') is 


present in some contracted net, then ® and %j||...||®/, are identical. 


Since STGs are a syntactic subclass of LSFC nets, the above result can be applied 
directly to STGs, as indicated by Fig. 2.13b. The logic circuits obtained by two methods 
are equivalent in the sense that they have the same behavior, as expressed in terms of sets 


of transition sequences. 
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Figure 2.12: (a) STG specification of a trigger module. The final implementation can 
be obtained through the normal path a—b-e, or through decomposition by contraction 


a-c—d-e. 
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Figure 2.13: (a) The equivalent FA of contracted nets are identical to the contraction of 
the original FA. (b) Application of the result in (a) to STGs. 


A remark about contraction vs. reduction 


Earlier in this chapter, we mentioned Hack’s reduction algorithm which, when applied to 
a LSFC net, produces a set of MG-components or SM-components. In addition, we have 
shown that the equivalent FA of a LSFC net can be obtained by weaving the equivalent 


FA of a set of covering SM-components. 


The result stated above for net contraction indicates that the equivalent FA of a LSFC 
net can also be obtained by weaving the equivalent FA of a set of contracted nets which 
“cover” the original STG (in the sense defined above). 


The main difference between these two methods of decomposition is that in reduction, 
a net is decomposed into subnets which are either state machines or marked graphs, while 
in contraction, subnets are not necessarily required to be state machines or marked graphs, 
even though it is possible. Subnets resulting from net contractions can be anything, de- 
pending on which transitions are eliminated. In fact, reduction can be considered as a 
special case of contraction: in a SM- (MG-) reduction, the set of transitions which remain 
all belong to the same SM- (MG-) component; by using contraction to eliminate other 
transitions, the desired SM- (MG-) component can be obtained. Note, however, that the 
contraction technique proposed only works for LSFC nets which satisfy the one-token SM 


restriction. 
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2.5 <A problem with state assignment 


Previously, we discussed conditions under which a STG has a consistent state assignment. 
Below, we will use an example to illustrate a side-effect of state assignment which can some- 
times give rise to non-persistency in state graphs. In contrast, the kind of non-persistency 
which we described earlier is a result of the interaction between concurrent signal transi- 
tions, and therefore, it is directly related to the sequencing requirement specified by an 
STG. Thus, even though both phenomena may give rise to non-persistency in state graphs, 
their mechanisms are completely different. We will call this the state assignment problem 


and the other non-perststency in STGs to distinguish them. 


Fig. 2.14a is a STG, being a simple cycle t, Rt,... Rt, Rt,, with an initial marking Mo in 
which place (tn, ti) is marked. Its equivalent FA (Fig. 2.14b) is a simple cycle, represented 
by the sequence So|t1)1[t2) ... $n-1[tn)3o. Suppose that there exists some transition t;, 1 < 
t <n, such that the set B = {t,,t2,...,¢;} has the property that Vr ET: cE Boze B, 
i.e. B forms a subset which contains both the rising and falling transitions of a number of 
signals. Such a set is called a complementary set. 


Then when state assignment is carried out, states s9 and s; will have the same binary 
representation (Fig. 2.14c). This is because if any transition t; in B occurs, then ¢; must 
also have occurred. Thus in the state graph, both ¢, and t;,;; are enabled in the same state 


and hence, are in direct conflict. There are two cases: 


(a) If both ¢, and ¢,,, are transitions of input signals, then they are persistent. (This is 
due to the previous assumption that external transitions be persistent.) 
(b) If either ¢, or tj41 or both are transitions of non-input signals then non-persistency 


results. 


Case (b) above represents an undesirable situation and it cannot be fixed by a persistency 
constraint as discussed earlier. In order to eliminate this case of non-persistency, one has 
to introduce additional bit to the binary vectors to allow the distinction between states 
$9 and s;. This means that it may be necessary to add another internal signal to the 
set of signals J. For example, one can insert a new signal transition x anywhere in the 
chain ¢, Rt2...Rt,, thus ensuring that it no longer forms a complementary set. A specific 


example is given in Section 7.2.2 to illustrate this step. 
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Figure 2.14: (a) A STG, (b) its equivalent FA and (c) the state graph resulting from state 
assignment. 


The above problem also applies to contracted nets of a STG. Even if a STG contains no 
complementary sets, in a contracted net, new complementary sets may be created when 
transitions are removed from the STG. In which case, one can use the same technique 
of introducing additional internal signal to eliminate non-persistency in a contracted net. 
Chapter 7 provides an example for this. 


2.6 Summary 


In this chapter, we have outlined an approach for synthesis of self-timed control circuits 
from STG specifications. While transforming a live-persistent STG into a logic circuit can 
be done mechanically, ensuring liveness and persistency of STGs is a more complex task 
which may require interactions with the designer. Nonetheless, these interactions only 
mean that there are usually more than one way to guarantee liveness and persistency and 
choosing the optimal solution is the task left to the designer. 


One added complication arises from our technique for decomposition which produces 
contracted nets from a STG. Of the three properties which one has to satisfy: liveness, 
persistency (of STG) and the state-assignment problem, we have proven in the thesis that 
(i) if liveness and persistency are met by a STG, then they are automatically met by its 
contracted nets, and (ii) even if a STG does not have any state-assignment problem, its 


contracted nets may due to the removal of transitions. 


Chapter 3 


Semantics and Temporal Relations of 
Nets 


Petri net theory constitutes one active area of research in the description, modeling and 
analysis of concurrent systems. Petri nets allow the modeling of sequential and non- 
sequential behaviors of systems by providing two distinct types of elements for representing 
states and transitions. Even though Petri nets are a powerful model of concurrent systems, 
their analysis is often difficult due to the generality allowed in these specifications. We 
will restrict ourselves to a subclass of Petri nets called Free-Choice (FC) nets and will 
use them as specifications of systems which exhibit concurrent operations. Free-Choice 
nets represent an appropriate blend of concurrency and choice in specifying behaviors of 
systems, and at the same time can be analyzed without much difficulty. 


In the previous chapter, we have argued for the use of firing sequence semantics of nets. 
This chapter provides the formal statements and proofs of the results presented earlier. 
Two new results described earlier for the class of LSFC nets are developed: (1) An al- 
gorithm for constructing a finite automaton directly from the structure of a net. Such a 
finite automaton corresponds precisely to the reachability graph of that net. (2) A charac- 
terization, based on the structure of a net, of a temporal relation on its set of transitions. 
The temporal relation can be partitioned into disjoint subsets of ordering, concurrency 
and conflict, each of which has a unique corresponding situation in the reachability graph. 


The rest of this chapter is organized as follows. Section 2 gives a brief introduction to 
Petri net theory and summarizes important and recent results. The structure and firing 
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rules of Petri nets are defined; important subclasses of nets called marked graphs, state 
machines and free choice nets are identified. Then a number of results for LSFC nets are 
summarized, from works of Hack, Best, Thiagarajan and Voss. These are refered to as the 
structure theory of LSFC nets, one based on the static structure of the nets rather than 
on their dynamic behaviors as described by the firing rule. 


Section 3 discusses a semantics of nets based on sets of firing sequences. We show that 
the set of firing sequences of a live safe free choice net can be determined directly from 
those of component state-machines by weaving them. This allows us to devise a simple 
algorithm for direct construction of the reachability graph from the structural components 


of a net. 


Section 4 defines a binary relation called temporal relation in terms of net syntax and 
discusses a number of important properties. We then establish one-to-one correspondence 
between subsets of this relation (ordering, concurrency and conflict) with unique situations 
in the reachability graph. 


3.1 Petri Nets 


3.1.1 <A Brief Introduction 


This section provides a brief introduction to net theory. Most of the materials in this 
section are adapted from [24,41,44]. 


A Petri net is a triple N = (P,T,F) where 


e PUT and PNT =9, and 
e FC(PxT)U(T x P) such that dom(F) Urange(F) = PUT. 


P is the set of places, T is the set of transitions and P UT is the set of elements of N. 
The relation F is called the flow relation. In graphical representation, places are drawn as 
circles, transitions as bars and the flow relation as directed arcs. Let z be an element of 
N, then 


e -xc={yeE PUT | (y,z) € F} is the preset of z, 
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ez={yE PUT | (z,y) € F} is the postset of z. 


For a place x, -z and z- are often referred to as sets of input and output transitions of 
x, respectively. Similarly, for a transition z, -r and z- are often referred to as sets of input 
and output places of x, respectively. This dot notation is extended to sets of elements in 
the obvious way. If p € P and |p-| > 1 then p is called a shared place, where |.X| denotes 
the cardinality of set X. To facilitate the task of analysis and presentation, two common 
restrictions on a Petri net N = (P,T, F) are that it be pure and simple:! 


e N is pure iff Vz,yE PUT: (z,y)EF > (y,2) ¢ F. 
e N is simple iff Vz,y € PUT: (a =-y A z- =y-) > x = y. Another related property 
is place-simple: Vz,yE P:(c=-y A re=y)>2r=y. 


In light of the fact that we are mostly interested in behavior of nets in terms of firing 
sequences, place-simplicity is a more reasonable restriction, whereas simplicity is a rather 
stringent requirement in that it disallows the specification of certain types of choices. In 
summary, all nets considered are tacitly assumed to satisfy the following restrictions, unless 
explicitly stated otherwise: 


Restriction 3.1 All nets considered are finite, strongly-connected, pure and place-simple. 


We will be mainly concerned with three important subclasses of nets called marked 
graphs (MG), state machines (SM) and free-choice (FC) nets. A marked graph is a net 
in which each place has at most one input transition and at most one output transition: 
Vp € P:|-pl,|p-| < 1. Marked graphs represent the structure of deterministic concurrent 
systems. The dual notion of marked graphs is that of state machines. A state machine 
is a net in which each transition has at most one input place and at most one output 
place: Vi € T:|-t],|¢-| <1. State machines represent the structure of nondeterministic 
sequential systems. A free-choice net is a net such that if any two transitions t, and t, 
share the same input place p, i.e. |p-| > 1, then p is the unique input place of both ¢, and 


ta: Vp € p: |p-| > 1 => -(p-) = {p}. 


1Note that this definition of “simple” is differently from Commoner’s simple nets, which are called 
asymmetric-choice nets [44]. 
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The states of a system whose structure is modeled by a net are represented by markings. 
A marking of a net N is a function M: P — {0,1,2...}. In diagrams, the marking M 
is indicated by placing M(p) tokens (drawn as dots) on each place p. If a place contains 
tokens, it is marked, otherwise, it is blank. Function M is extended to sets of places such 
that M(P) = ep M(p). A transition t is enabled at the marking M iff each input place 
of ¢ is marked at M, i.e. Vp € -t: M(p) > 0. When the enabled transition ¢ fires at M, a 
new marking M’ is reached which is given by 


M(p)—-1 ifpe-t—t- 
VpeE P:M'(p)=< M(p)+1 ifpet-—-t 
M(p) otherwise 


The transformation of M into M’ through the firing of ¢ is denoted as M[t)M’. Let 
T* be the set of all finite-length sequences of symbols in T. Let Mo be a marking of the 
net N and o = iotitz...t, € T* a sequence of transitions. Then o is a firing sequence at 
Mo iff there exist markings M,,M2,...,My41 of N such that M,[t;)Mi4, for 0 <i <n. 
As usual, Mo[o)M,41 denotes the transformation of Mo into My41 by firing o at Mo. By 
convention, for every marking M of N, M[e)M, where e denotes the empty sequence. 


The forward marking class of a marking M of a net N is denoted as [M) and is the 


smallest class of markings of N given by: 


e M €[M) and 
e if M’ €[M) and for some t € T: M'[t)M", then M” € [M). 


A net N = (P,T,F) with an initial marking Mp is usually represented as a quadruple 
Xx = (P,T,F,Mo). N is called the underlying net of 5 and usually denoted as Ny. 


Two important behavioral properties of a net with an initial marking are liveness and 
safety. 


Definition 3.2 Let & = (P,T,F,Mo) be a net with an initial marking Mo. Then 


e Dts live iff VM’ € [Mo), Vt€ T: 3M” € [M’) such that t is enabled at M". 
e X ts safe iff VM' € [Mo), Vp Ee P: M'(p) <1. 
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3.1.2 Previous Results for Free-Choice nets 


Given a Petri net with an initial marking, the firing rule can be applied to transform the 
net from one marking into a new marking by firing enabled transitions in the net. The 
reachability graph is a graph in which nodes are markings and arcs between nodes represent 
firings of transitions; this graph is a state transition graph which readily captures the 
behavior of the net. Although for general Petri nets, reachability graphs can be obtained 
by exhaustively firing enabled transitions at a marking to produce new markings, for the 
class of FC nets, much can be deduced directly from their structure without reference to 
any particular initial marking, provided that the net is live and safe. In this section, we 


summarize a number of relevant results for FC nets. 


Reduction algorithms for Free-Choice nets. 


Hack [24] devised two simple algorithms for structurally reducing a free choice net into its 
component marked graphs or state machines. 


A marked graph allocation (MG allocation) over a free choice net N = (P,T,F) isa 
function A: P — T such that Vp € P : A(p) € p-. Thus for every place in a net, only 
one of its output transitions is allocated, the rest are called unallocated transitions. Let 
E, and E, denote the sets of eliminated transitions and places, respectively. The marked 
graph reduction (MG reduction) algorithm involves the following steps. Vp € P, Wie T: 


1. Delete all unallocated transitions: p- —{A(p)} C E:. 
2. Delete places with all input transitions already deleted: -p C E; & p€ Ep. 
3. Delete transitions with at least one input place deleted: tN E, #0 t € E;. 


Repeat steps 2 and 3 until they are no longer applicable. A marked graph resulting from 
the reduction is called a MG-component. 


A state-machine allocation (SM allocation) over a free choice net N = (P,T,F) is a 
function B : T — P such that Vt € T : B(t) € -t. The state machine reduction (SM 
reduction) algorithm involves the following steps. Vp € P,Wte T: 


1. Delete all unallocated places: -t — {B(t)} C E,. 
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MG-reductions SM-reductions 


(>) MG-components (c) SM-components 


Figure 3.1: (a) A LSFC net (b) Its MG components resulting from MG-reductions and (c) 
Its SM components resulting from SM-reductions. 


2. Delete transitions with all output places already deleted: t- C E, @ t € E;. 
3. Delete places with at least one output transition deleted: p- NE; #9 pe E,. 


Repeat steps 2 and 3 until they are no longer applicable. A state machine resulting 


from the reduction is called a SM-component. An example (taken from [4]) of MG and SM 
reduction of a LSFC net is shown in Fig. 3.1. 


Useful results for Free-Choice nets. 


For FC nets, a number of useful results have been proven. They are stated below as 
preliminaries to further investigation. The following theorem is due to Hack, phrased in 
different form by [49]. 


Theorem 3.3 Let & = (P,T,F,Mo) be a LSFC net and x an element of Ny. Then 
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e there exists a MG-component N, = (P,,T1, Fi) of Np such thatz € Py UT;, 


e there exists a SM-component Nz = (P2,T2, F2) of Ny such that zc € P, UT). 


This theorem states that if a FC net is live and safe, then the set of MG-components 
resulting from MG-reductions covers the net. Alternatively, the set of SM-components 
resulting from SM-reductions also covers the net. On the other hand, if a FC net is 
either nonlive or unsafe, then some reduction does not cover the net or is empty, or some 


component is not strongly connected. 


Another useful theorem from the theory of marked graphs [12] states that (a) for every 
marking M reachable from the initial marking Mo, there always exists a firing sequence a 
which brings the net from M back to itself, and (b) any such firing sequence o must fire all 
transitions in the net at least once and exactly the same number of times. This theorem 
is formalized below. 


For a sequence o € T* and T; C T, o[T; denotes the projection (or restriction) of 0 
onto set T,. If t € T is a transition then #(o[t) is the number of occurrences of ¢ in a. 
For a set of transitions T,, #(o/T1) = Diet, #(o[t). For a net with an initial marking 
x = (P,T,F,Mo), FS(Z) denotes the set of all firing sequences of ©. The following 
theorem states that in a live-safe marked graph, (a) for every marking M reachable from 
Mo, there exists a firing sequence which brings the net from M back to itself, and (b) every 


such firing sequence contains at least one instance of each transition. 


Theorem 3.4 Let & = (P,T,F, Mo) be a live-safe marked graph. Then, 


(a) VM €[Mo) So €T*: M[o)M and 
(b) (Wo | M[o)M)(Vt eT): #(o[t) =k, for some k > 1. 


There are a number of recent results concerning the structural properties of LSFC nets. 
We mention below two theorems from [49]; these are important for later developments in 
the thesis. Let M be a marking of a net N, and P, © P. Then M[P, denotes the 


submarking obtained by restricting M to P,. 


Informally, the theorem below states that the behavior of a SM-component—as charac- 
terized by firing sequences—is not constrained in any way by the composite FC net. The 
set of firing sequences of a SM-component ©, is the same as that of the composite net 
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restricted to the transitions in T,. Thus a LSFC net can be considered as a set of state 
machines which operate concurrently and synchronize with each other occasionally. 


Theorem 3.5 Let 5 = (P,T, F, Mo) be a LSFC net, and suppose D1 = (P;, Ti, Fi, MQ) is 
a SM-component of X, where Mi = Mo[P;. Then 


FS(2,) = FS(Z)[Ti, 


where by definition FS(3) [T, = {o]T, |o € FS(Z)}. 


The following theorem states that each MG-component in a LSFC net can be activated 
at some marking and it is a LS marked graph under that marking. 


Theorem 3.6 Let © = (P,T,F,Mo) be a LSFC net and N, = (P,,T,,F;) be a MG- 
component of D. Then there exists a marking M € [Mo) such that D, = (Pi, T,, Fi, M') is 
a live safe marked graph, where M1 = M[P,. 


3.2 Firing Sequence Semantics of Free-Choice nets 


One main result of this section is a theorem stating the relation between the behavior 
of a LSFC net and those of the component subnets constituting the original net. The 
behavior of nets will be characterized in terms of sets of firing sequences. We will show 
that these sets are regular by demonstrating a procedure for constructing their equivalent 
finite automata (FA). For nets, these FA correspond precisely to the reachability graphs 
whose vertices represent the markings of nets, and arcs between vertices the transitions 
from one marking to another due to the firing of some transition in the net. This theorem 
provides an algorithm for obtaining the equivalent FA directly from the structure of a 
LSFC net, instead of having to determine every marking from the firing rule. 


3.2.1 Semantics 


Theorem 3.5 states that the set of firing sequences of a SM-component %, is the same 
as that of the composite net restricted to the transitions in T;. Thus a LSFC net can be 
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considered as a set of state machines which operate concurrently and synchronize with each 
other occasionally. Given this fundamental viewpoint, we can characterize the behavior of 


a LSFC net as a composition of firing sequences of the component state machines. 


Before discussing the theorem, we present a convenient operator called weave for com- 
bining firing sequences of concurrently operating nets. For a net £, F.S(X) denotes its set 
of firing sequences. 


Definition 3.7 Let D; = (Pi,Ti1, Fi, Mg) and S2 = (P2,T2, Fo, M3) be two nets. The 
weave of two sets of firing sequences FS(X1) and FS(X2) ts given by 


FS(X) | FS(22) = {o € (T, U T2)* | o|[T, E F'S(X}) A a[T E FS(Z2)}. 


Weaving is idempotent, commutative and associative. If T; 72 = 0, weaving is exactly 
the shuffle of two sets of sequences. The weave operator has been used in [25,53] as 
a convenient means of describing “synchronized concurrency” between two sequences of 
events, such that distinct events in two sequences can occur concurently in any order, but 
their common events must occur in synchrony. In these formulations, the set of firing 
sequences is always accompanied by the set of events to form a pair (T, F'S) called a trace 
structure, where FS C T*. The inclusion of the set of transitions T is necessary in order 


for weave to be associative. In our formulation, the corresponding trace structure of a 


LSFC net © = (P,T, F, Mp) is given by (T, FS(X)). 


Theorem 3.3 shows that for a LSFC net, there exists a set of one-token SM-components 
which cover it. The existence of these components is essential to the correctness of the 


following theorem. 


Theorem 3.8 Let © = (P,T,F,Mo) be a LSFC net, {E1,D2,..., Un} be @ set of one- 
token SM-components which covers the net, where 0; = (P;,T;, F;, Mj) and Mj = M)[P,;, 
l<i<n. Then 

FS(B) = FS(B1) || FS(Z2) |... || FS(Zn). 


Proof. Let FS' = FS(Z1)||F5(Z2)||...||F.5(Zn). We need to show that F'S(Z) = FS". 


(a) FS(Z) C FS’: Theorem 3.5 states that if & is a LSFC net then for every SM- 
component 5,, 1 <i <n: FS(X,) = FS(X)[T;. Hence, o € FS(X) = of T, € FS(Z)[T; = 
FS(X,), which further implies that o € F'S’. Therefore FS(Z) C FS’. 
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(b) FS’ C FS(Z) : We need to show that every sequence o € T* such that ofT; € 
FS(X;), 1 <i <n, is a firing sequence of U, i.e. o € FS(Z). This is done by induction 


on |o|. 
Basis: |o| = 0. Trivial. 


Induction step: Assume that o = at € T*, where a[T; € FS(X;), 1 < i < n and 
o € FS(X). Let M' be a marking of E such that Mo[)M’. We proceed to show that at 
M", if t is enabled in every SM-component which contains it, then t is also enabled in E. 
In which case, Gt is a firing sequence of D. 


Let p € -t, then there must exist some SM-component L; containing p, as the SM- 
components cover the net. Because 2; is a SM-component, it must also contain t. Since 
ot[T; is a firing sequence of L;, it follows that p must be marked at M’. By applying the 
same reasoning, we deduce that every input place of t must be marked. Hence at M’, t is 


enabled in ©. ] 


Even though no proof exists, we believe that the above theorem should apply also to a 
superclass of FS nets called State-Machine Decomposable (SMD) nets. 


3.2.2 An algorithm for constructing reachability graphs 


So far, we have demonstrated that the set of firing sequences of a LSFC net can be obtained 
by weaving those of its SM-components. It will be shown in this section that the set of 
firing sequences of any LSFC net is regular by demonstrating the existence of a finite 
automaton (FA) which accepts or generates such a set of firing sequences. The result of 
Theorem 3.8 above provides an algorithm for constructing a FA directly from the structure 
of the net. 


We start first with a description of the algorithm itself. For a LSFC net %, 6(Z) 
denotes its equivalent FA (which is the same as its reachability graph). 


Algorithm 3.9 Let U = (P,T,F,Mo) be a LSFC net and {X1,¥o,...,U,} be a set of 


one-token SM-components which covers the net. Then 


O(Z) = O(E4) || O(L2) |]... || PCEn) 
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Figure 3.2: (a) the state machines of SM-components from Fig. 3.1, and (b) the weave of 
two state machines, yielding the reachability graph of the LSFC net in Fig. 3.1. 


where (Z;)||®@(D;) denotes the weave of two state machines, as described subsequently. 


Fig. 3.2 shows construction of the equivalent FA of the LSFC net in Fig. 3.1 by weaving 
the state machines corresponding to the SM-components. The regular expressions for the 


component state machines are 
Ey = ((titsltets)to)* and Ey = ((titaltate)to)". 


The regular expression for the LSFC net is E,||£, and can be determined directly from 
the state graph in (b) as E,||E2 = ((ti(ts||t,)|t2(ts||te))to)*. 


Note that if &; is a SM-component, then @(X;) is the same as 4, itself, except for a few 
representational changes. In this case, F.S(2;) can be represented by a regular expression 
involving the operators concatenation, union, and Kleene closure (denoted respectively by 
juxtaposition, bar |, and star +.) The construction algorithm in the above definition is 
more convenient and direct than the alternate approach of manipulating the set of firing 
sequencess and expressions, as suggested by Theorem 3.8. It is more convenient because 
all state machine components already exist; they need not be constructed from their sets 


of firing sequences. 


First, we describe a more conventional representation of state machines. Recall that 
ifa LSFC net © = (P,T,F,Mo) is a state machine then VM € [Mo) : M(P) = 1 and 
VteT:|-t| = |t-|=1. 


Definition 3.10 Let 5 = (P,T,F, Mo) be a state machine. Then the finite automaton 
corresponding to X ts given by ®(X) = (S,T, 4, 30,q) where 
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e For P = {po,pi,---, Pn}, S={ {po}, {pi},---, {pn} } ts the set of states, 
© 39 = {p| Mo(p) = 1} is the initial state, 
e g= {So} is set of final states, 


e6:SxT —+ Sa partial function called transition function defined such that Vt € 
T, Vr1,PR€EP: 
(mA) F A (hme F @ 5(s,t) =, 


where 8; = {pi}, 32 = {po}. 


In graphical representation, states in S are drawn as small solid circles. The initial 
state is circled to distinguish it from the rest. The transition function is indicated by arcs 
between states, labeled with the appropriate transitions. Also by convention, Vs € S : 


6(s,€) = s. For clarity these arcs are omitted for every state s. 


Let A be a regular set of firing sequences, then F'A(A) will be used to denote the 
corresponding finite automaton. For a LS net 0, F'S(X) denotes its set of firing sequences 
and FA(FS(X)) denotes its finite automaton. Thus FA(FS(Z)) = ®(2). The weave of 
two finite automata is defined subsequently. In order to keep the definition general, the 
transition relation A C S x T x S will be used instead of the usual transition relation 
6:SxTHS? 


Definition 3.11 Let ©, and D2 be nets with sets of firing sequences Ey = FS(X1) and 
E, = FS(22) and finite automata 


®(5,) = FA(F,) 
&(Z_) = FA(E,) 


(Si, Ti, Ay, 3) qn) 
(So, To, Aa, 33, q2) 


(a) The weave of ®(Z1) and ®(X2) ts given by 
(Ds) || (D2) Y FA(H||2). 
(b) The finite automaton corresponding to the weave of E, and E2 ts given by 


FA(E,||£2) = (S41 x So, Ti U To, A, {36, So}, qn xX q2), 


2 finite automaton with a transition relation is generally nondeterministic, while one with a transition 
function is deterministic. Converting from a nondeterministic finite automaton to a deterministic one is 
straightforward, using such well-known techniques as the subset construction method. 
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where A is defined as follows: Vay,a2 € S,, Wb, 62 € Sz, Vt € T, UT2 U {e} : 


(a1, t[T), a2) € Ai A (b,, t[T2, b2) € A» > ({a1, by}, ¢, {a2, b2}) € A. 


The inclusion of the empty transition ¢ for all states s : (s,¢,3) € A is essential for 
the concise characterization of a weave’s state machine. By using the e-transitions, one 
avoids the distinction between different cases corresponding to t € T; — Tz, t € Ty —T, and 
t€ 7, NT). The above definition is essentially due to [53]. 


3.3. Temporal Relations: Ordering, Concurrency and 
Conflict 


Under the one-token SM restriction on a LSFC net, one can determine directly from 
its structure whether two transitions are ordered, concurrent, or in conflict. Since we 
are only interested in nets which are strongly connected directed graphs, these temporal 
characterizations will be different from those based on partial orders which correspond to 
acyclic graphs. We will first define these sub-relations based on the structure of LSFC nets 
and then discuss their meaning and correspondence to situations in reachability graphs. 


As mentioned in Chapter 2, this syntactic characterization only works for LSFC nets 
with the additional restriction which we call one-token SM restriction, given again below. 


In fact, all results proven in this section assume this restriction. 


Restriction 3.12 (One-token SM) The class of LSFC nets considered is such that for 


a net in this class, every one of its SM-components contains ezactly one token. 


3.3.1 Syntactic Characterization 


Below we define symmetric binary relations li, co, cf and dc on the set of transitions 
T; they stand for ordering, concurrent, conflict and direct-conflict, respectively. A stmple 
path in a net N is a path z;22...2, € N such that 2; 4.23, 1 <1 43 <n. A simple cycle 
in N is a simple path 2,272...2, C N with 2; = 2,. An element z belonging to a cycle or 
path II is written as z € II. 
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|__ fi to | ts | te | ts | ts | ts | te | 


Table 3.1: The temporal relation of the LSFC net in Fig. 3.1. 


Definition 3.13 Let © = (P,T,F,Mo) be a LSFC net satisfying the one-token SM re- 


striction. For distinct transitions t,t! Ee T: 


(a) t and t’ are ordered, denoted as {t,t'} € li, iff there exists a simple cycle in D to 
which both t and t’ belong. 


(b) t and t’ are concurrent, denoted as {t,t'} € co, iff {t,t'} ¢ li and there exists a 
MG-component of % to which both t and t’ belong. 


(c) t and t’ are in conflict, denoted as {t,t'} € cf, iff 


1. either {t,t'} ¢ li and there exists a SM-component to which both t and t' belong, 


2. or there exists no SM-component or MG-component containing both t and t’. 


In the characterization of concurrency, the existence of a MG-component is required 
in order for two transitions to be concurrent (statement b). However, in case of conflicts, 
the existence of a SM-component is sufficient but not necessary for two transitions to be 
in conflict. Statement d2 indicates that two transitions are also in conflict if no reduction 
produces a subnet—be it a SM-component or a MG-component—which contains both 
of them. Intuitively, this makes sense, as two concurrent transitions must always occur 
together; this implies the existence of a such an MG-component. On the other hand, if 
two transitions are in conflict, the occurrence of one exclude that of the other. Hence it is 


possible that they do not both belong to any structural component of the net at all. 
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Applying the above definition to the FC net of Fig. 3.1, we can construct Table 3.1. 
Since the relations are symmetric, half of the table is implied by the other half. Note 
also that {t4,ts} and {t3,ts} belong to cf, but they do not both belong to any SM- or 
MG-component. 


One special case of (c) is the direct-conflict relation: t and t’ (t # 1’) are in direct- 
conflict, denoted as {t, t’} € de, iff ¢-t’ # @. In the above definition, dc C cf: according 
to the FC hypothesis, there exists place p which is a unique shared place of ¢ and ?’, 
therefore they cannot belong to the same simple cycle and furthermore, they must belong 
to the same SM-component. Also, define id as {{z,2}} € T x T and id C li. Another 
useful derived relation is ide = cf — de: If two transitions t and ¢’ are in conflict but not 
in direct conflict, then {t, t’} € ide and then they are said to be tn tndirect conflict. 


In a LS marked graph © = (P,T, F, Mo), a cut Cis a maximal set of elements in PUT 
which are pairwise not contained in the same simple cycle. That is, if we extend the binary 
relation r € {li, co, cf} to (P UT) x (PUT) then a cut C C PUT is defined such that 


Ve,yEC:{z,y}€co and 
Vz €(PUT)-C,42 €C: {2,z} ¢ co. 


A t-cut C, C T consists of all transitions which can fire concurrently at some marking of 
the net. A p-cut C, C P consists of all places that can be marked at the same time. The 
following lemma states that in a LS marked graph, any LS marking M marks all places of 
a p-cut and leaves other places blank. 


Lemma 3.14 Let 5 = (P,T,F,Mo) be a LS marked graph satisfying the one-token SM 
restriction. Then every life-safe marking M € [Mo) marked all places of a p-cut C, and 
none else. That ts, there exists C, such that 


1 VpEec, 
0 otherwise 


M(p) = { 
Proof. Let {Q1,...,Q,} be the set of simple cycles in Ng where 2; = (P;, T;, Fj). Since X 
is a marked graph, each place is uniquely identified by its unique input and unique output 
transitions. Hence a marked graph can be considered as a directed graph with vertices 
corresponding to transitions and arcs corresponding to places. Therefore by definition, a 


cut C, is a maximal set of arcs such that no two belong to the same simple cycle. Hence, 
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every simple cycle in {,,...,2,} must contain exactly one arc in C,, i.e. Vi € {1,...,n}: 
|P; C,| = 1. Consider a marking M which marks all places in C, and none else. Then 
under the one-token SM restriction, M is a live-safe marking because each simple cycle 2; 
contains exactly one token. i 


It has been shown in [27] that for LS marked graphs with the property that every 
simple cycle contains exactly one token, there exists a unique equivalence class of life-safe 
markings: any two markings in this equivalence class are mutually reachable from one 
another. This equivalence class is precisely the set of all p-cuts {C,} of a LS marked 
graph, including those which are singleton sets (|C,| = 1). 


The above result for marked graphs can be generalized to LSFC nets in a straightfor- 
ward manner. According to Theorem 3.6, every SM-component can be activated at some 


marking and it operates as a LS marked graph. Hence 


Theorem 3.15 Let 5 = (P,T,F, Mo) be a LSFC net satisfying the one-token SM restric- 
tion. Then every life-safe marking M € [Mo) marks all places of a p-cut C, of some 
MG-component. 


Some Examples. The above definition of the temporal relation indicates that one can 
determine the relation between two transitions only by looking at the global structure of 
a LSFC net. In Fig. 4a, it appears that C = {p,,p2,p3, pa} forms a p-cut in some net; 
however as shown in Fig. 4b, Cis not a p-cut if there are two simple cycles —one containing 
ty, t2, the other t3,t4— which do not share some common transition. This is because p2 
and p3 are contained in a simple cycle and are therefore ordered. C is a p-cut only when 
there exists at least one transition u shared by the cycles, as shown in Fig. 4c. 


In another example (Fig. 4d), place p appears to be a redundant place [2] and could 
be removed without changing the behavior of the net. However, Fig. 4e shows that if p is 
removed then the simple cycle t, ptgpqt2patspst; would no longer exist; in which case t, and 
t, would become concurrent. Thus in this particular case, the removal of p does indeed 
change the behavior of the net drastically and therefore it is not redundant. 
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Figure 3.3: (a) C = {p,, p2, ps, pa} appears to be a p-cut in some net. However (b) C is not 
a p-cut unless (c) there exists a shared transition u. (d) Place p appears to be a redundant 
place. However, in (e) it is not. 


3.3.2 Partition of the Temporal Relation and Correspondence to 
Reachability Graphs 


As shown next, the above syntactic characterizations partition the temporal relation, de- 
fined as tr = T x T, into disjoint subsets of ordering, concurrency and conflict, as is 
illustrated by Fig. 3.4. The subset co represents the non-sequential behavior, liUcf repre- 
sents the sequential behavior of the net. For LS marked graphs, cf = @ and tr = liUco, 
For LS state machines, co = 9 and tr = liUcf. 


Theorem 3.16 Let © = (P,T,F,Mo) be a LSFC net satisfying the one-token SM restric- 
tion, and tr = T x T be called the temporal relation. Then li, co and cf partition tr into 


disjoint subsets: 
(a) livcoUcf =tr, and 
(6) linco=lincef =concf = 9. 


Proof. Statement (a) trivially follows from the definitions, and so do liN co = @ and 
lincf = 9. It remains to show that coMcf = §. To establish this fact, it suffices to 


cf 
confisct 


Figure 3.4: Partitions of the temporal relation tr. 


show that in a LSFC net satisfying the one-token SM restriction, if two transitions do 
not belong to a simple cycle then they cannot belong to some MG-component and some 
SM-component at the same time. (In case two transitions are in conflict by not belonging 
to any structural component at all, it is trivial to see that they cannot be concurrent.) 


Let Ny denote the underlying structure of D. First, note that if two transitions t and 
t’ do belong to a simple cycle in Ny then t and ¢’ must belong to a simple cycle in some 
MG-component N; = (Pi,71, 1) and in some SM-component Nz = (P2,T2, F2), because 
both MG and SM reduction cover the net. Thus, if ¢t and t' do not belong to any simple 
cycle in N, they do not belong to a simple cycle in any MG-component or SM-component. 
In this case, we show that if ¢ and t' belong to both N, and N3 then the net is either unsafe 
or nonlive. 


If t,t’ € T, but no simple cycle containing both of them, then there must exist some 
u € T, such that t,u € 9 and t’,u € 2), where 0;,04 are distinct simple cycles in N; 
(Fig. 3.5). If ¢,¢’ € ZT, but no simple cycle containing both of them, then there must exist 
some p € P, such that t,p € Q2 and t’,p € 4, where N2, 04 are distinct simple cycles in 
Ny (Fig. 3.5). 


Since N; is a MG-component of a LSFC net, according to Theorem 3.6, there exists a 
marking which activates N; and N, will operate as a live-safe marked graph. Since ¢ and 
t’ do not belong to the same simple cycle, according to Theorem 3.15, in N, there exists 
a p-cut which corresponds to a marking M € [Mo) under which both ¢ and ?¢’ are enabled. 
Hence at M, all input places of ¢ and t’ are marked. Since the cycles 22 and 93 in N2 
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MG-component Ny 


SM-component Ng 


Figure 3.5: Proof of Theorem 3.16. 


contain transitions t and ?t’ respectively, they must each contains one input place of ¢ or 
t'. Since all input places of t and ¢/ are marked, the SM-component N,2 contains at least 
two tokens. Under the one-token SM restriction, this would lead to unsafeness. On the 
other hand, if Nz contains only one token then only one of t,t’ can possibly be enabled; 
this implies that u cannot be enabled subsequently, leading to a deadlock. | 


The above classifications of the temporal relation are based on the syntax of LSFC nets. 
We now attempt to connect these classifications to the normal understanding of ordering, 
concurrency and conflict in terms of firing sequences. It will be shown that for LSFC nets, 
there exists a unique correspondence between an element of the temporal relation and a 


situation in a reachability graph of a net. 


The following theorem gives the characterization of ordering, concurrency and conflict 
in terms of reachability graphs, or equivalently, firing sequences. Fig. 3.6 contains graphs 
illustrating these cases, in which vertices representing markings, solid arcs transitions be- 
tween markings. The dotted arcs indicate explicitly those transitions which cannot occur; 
dashed arcs indicate a path between two markings. 


A cycle in a reachability graph is characterized by M,[t,)Mg[t2)...[ta_1)M, where 
M, = M,; o = tt,...tp_1 is a firing sequence such that Mi[o)M,. If furthermore M; # 
M;,1<143j <n then it is a stmple cycle; in this case, o is called the firing sequence 
corresponding to a simple cycle. In the following theorem and its proof, we use o to denote 


such a firing sequence. 
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Figure 3.6: t,t’ are (a) in direct-conflict (dc) (b) concurrent (co) (c) ordered or in indi- 
rect-conflict (li U ide). 


Theorem 3.17 Let 0 = (P,T, F, Mo) be a LSFC net satisfying the one-token SM restric- 
tion. Then Vt,t' € T: 

(a) {t,t} Ede # 3M €[Mo): M[t)AM[t') A ~M{[tt') A >MI[t't) 

(b) {t,t} Eco <> 3M €[Mo) : M[tt’) A M[t’t) 

(c) {t,t} Elibide «= AM €[Mpo): M[t) A Mt’) 

(d) {t, t'} € ide <= (AM €e[M,): M[t) A M[t')) A( Ao € T* : t,t’ € a), 


where o is a firing sequence corresponding to a simple cycle tn the reachability graph of X. 


Parts (a) and (b) state that if two transitions are either concurrent or in direct conflict, 
then there is a marking in which both are enabled. Part (c) states that if two transitions 
are either ordered or in indirect conflict then they are never enabled in the same marking. 
Thus by inspecting the local structure of the reachability graph, it is possible to determine 
when two transitions are either concurrent or in direct conflict. However, ordering cannot 
be distinguished from indirect conflict. Part (d) further states that in order to discern 
these two cases, the global structure of the reachability graph needs be inspected: for 
every two transitions t and t’, if there exists no marking M in which both transitions are 
enabled and furthermore, there exists no firing sequence o corresponding to a simple cycle 
in the reachability graph such that t,t’ € a, then ¢ and ?’ are in indirect conflict. 


Proof of Theorem §.17. Part (a). (=>) If {t,t} € de then in Ns, there exists no simple 
cycle containing both t and t’, and there exists some SM-component N such that t, t’ € T). 
Every such SM-component must contain exactly one token. Furthermore according to the 
FC hypothesis, Jp € P, : p- = {t,t/} and 3M € [Mo): M(p) = 1. Hence M[t) and M[?’). 
Moreover, since the firing of either ¢ or t’ will remove the token in p, M[tt’) and M{[tt') 


cannot be true. 


(<=) If M[t) A M[t’), and tt’ and tt’ are not firing sequences then it must be the case 
that -t-t’ ¢ @. For suppose that -t-t’ = @. Then since M[t) A M[?’), all places in -tU-?’ 
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must contain tokens. However this implies that M[tt’) A M[t’t), a contradiction. Therefore, 
it must be the case that dp € P: -t/-t' = {p} and hence {t, t'} € de. 


Part (b). Note that M[tt’) A M[t’t) = M[t) A M[t') according to the definition of firing 


sequences. 


(=>) If {t, t’} € co then in Ny there exists no simple cycle containing both ¢ and ?’, and 
there exists some MG-component N, such that t,t’ € T,. Since ¢t and t' belong to different 
simple cycles of a marked graph Nj, -tN-t’ = t-/Nt’: = 9 and furthermore, -tN-t' € C,, 
where C, is a p-cut in N,. Therefore, according to Lemma 3.14, 3M € [Mo) : M(p) = 
1 Vp € -tU-t’. Clearly, at M both ¢ and ¢’ are enabled independently, thus proving the 


necessary condition. 


(<) First, we show that -tN-t! = t¢-Nt'. = 0. Suppose that -t -t’ # 0, then due to the 
FC hypothesis, Jp € P: -t-t’ = {p}. Then according to Part (a), tt’ and t’t cannot be 
firing sequence—a contradiction. Hence -tN -t' = @. From -t-t' = @, using the fact that 
the net is safe, we show that t- Mt’. = 9. For if ¢- mt’. 4 @ then Jp€ P: pe t-nt'-. Since 
both ¢ and ?#’ are enabled, they can fire concurrently, placing two tokens in p and the net 


is unsafe. 


Now we proceed to show that ¢ and ¢’ must belong to distinct simple cycles of some 
MG-component Nj. ¢ and t’ cannot both belong to any simple cycle 2, for if they do then 
Q must contain at least two tokens, each from an input place of t and ¢t’; under the one- 
token SM restriction, this leads to unsafe behavior. Hence according to Theorem 3.16, they 
must belong to distinct simpe cycles of either a MG-component N,; or a SM-component 
N2. However, if N2 existed, it would contain at least two tokens, one from each input place 
of t and t’. This causes unsafe behavior. Therefore they must belong to distinct cycles of 
N, and hence by definition, {t, t’} € co. 


Part (c). From parts (a) and (b), it follows immediately that 
{t,t'} EcoUde ~& IM €[M)): M[t) A M[t'), 


which means that if two transitions are either concurrent or in direct conflict, then there is a 
marking in which both are enabled. To prove (c), note that (AM € [Mp) : M[t)AM[t')) = 
{t,t} €coUde @ {t,t} € tr —coUde = liU (ef — de) = liv ide. 
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Part (d). From (c), we have AM : M[t)A M[t'’) => {t,t} € liUide. We claim that 
(Ao €T*:t,t Eo) => {t,t} € ef. The result follows immediately. 


To verify the claim, note that if {t, t)} € liUco then there exists a MG-component N, 
containing both ¢ and t’. According to Theorem 3.4, Vo € Ts | (4M € [Mo): M[o)M): o 
must contain all transitions in Tj. Since t,t’ € 7, it follows that t,t’ € a. Also, since 
T; CT, we have {t,t’} €livUco > Jo € T*: t,t’ Eo. Or equivalently, 


(Ac €T*:t,t'e€oa) > {t,t} ¢gliUco  {t,t'} Ecf. 


Chapter 4 


Signal Transition Graphs 


In this chapter, we introduce the Signal Transition Graph model. STGs correspond to 
the class of LSFC nets with interpreted transitions: transitions in nets are interpreted as 
transitions of signals in logic circuits. Most results for LSFC nets developed in the last 
chapter apply directly to STGs. Note that we only deal with LSFC nets which satisfy the 
one-token SM restriction. 


We start out in Section 1 by giving the syntax and semantics of STGs. Briefly, a 
STG is a formal behavioral specification of a control circuit from which a set of transition 
sequences can be generated. Such a set has an equivalent finite automata representation 
called a state graph. From state graphs, one can determine the network function, which 
is a collection of logic functions describing the behavior of signals in the circuit. Section 2 
discusses state assignment, the procedure for obtaining state graphs from STGs. Section 
3 touches upon the area of composition of control modules. 


4.1 Syntax and Semantics 


Signal Transition Graphs are a formal behavioral specification of control circuits whose 
operation may involve ordering, concurrency and conflicts. A digital circuit (or network) 
is an interconnection of logic elements, each having one output terminal and a number of 
input terminals. Every input terminal is connected to either an input terminal of the entire 
network, or to an output terminal of another logic element in the network. The set of all 
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terminals of a network is called the set of signals. Let J denote such a set of signals, then 
J can be partitioned into the set of input signals J;, the set of output signals Jo and the 
set of internal signals Jy. It is sometimes convenient to use the set of non-input signals, 
Jnr = In U Jo # @ to reflect the intention that changes in input signals are exogenous 
while changes in non-input signals are caused by the network. 


The set of signal transitions is defined as T = J x {+,—}. For every signal j € J, there 
is a pair of signal transitions {j,,j~} associated with it. We also adopt the notation that 
if t is used to denote j, then ¢ denotes j_ and vice versa. When the direction of transition 
is not important, j. is used to denote a transition of signal 7 (either 7, or j_). The set of 
signal transitions T is likewise partitioned into T; = J; x {+,—}, Tw = Jn x {+,—} and 
To = Jo x {+, —}. In order to distinguish between input and non-input signal transitions 


in a graphical representation, transitions in T; are underlined. 


4.1.1 Signal Transition Graphs 


A Signal Transition Graph (STG) is a Petri net in which transitions are identified with 
signal transitions in a network whose set of signals is J. 


Definition 4.1 (Signal Transition Graphs) Let J be a set of signals of a network. A 
Signal Transition Graph defined on J is a Petri net Dy = (P,T, F, Mo) with T = Jx{+,—-}. 


Furthermore, a Signal Transition Graph is said to be well-formed if (i) it is a LSFC 
net satisfying the one-token SM restriction and (it) if a place p has more than one output 
transition, then all output transitions of p must be transstions of input signals, i.e. Vp € 
P:|p-|>1>p CT. 


In the sequel, well-formed STGs will be referred to simply as STGs unless stated otherwise. 
Obviously, in a STG, |7| = 2k where k is a positive interger. The restriction Vp € P: 
lp-| > 1 => p C Try indicates that all signal transitions which are in direct conflict 
must be input ones, i.e. free choices are input choices. This allows STGs to specify the 
behavior of circuits whose operation involves sequentiality, deterministic concurrency and 
nondeterministic input choices. 


1In Chapter 8, we will extend the syntax of STG to allow the specification of internal choices. In these 
cases, one element from a set of output transitions of a place is chosen to be fired depending on the holding 
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As mentioned in Chapter 2, the graphical representation of STGs will differ from Petri 
nets in two accounts: (i) A transition in STGs is not depicted as a bar but by its name 
instead. (ii) Any place p in STGs with one input and one output transition, e.g. -p = {t,} 
and p- = {t2}, will not be drawn. An arc going directly from t, to t, will be drawn 
instead: t,; — ta. Such an arc is an instance of the causal relation R C T x T, such that 
Rt, = Ape P: (ti, p) € FA (p, te) € F. 


4.1.2 State Graphs 


The semantics of STGs are given in terms of sets of transition sequences. STGs define 
sets of transition sequences which have equivalent FA representations called state graphs. 
These can be obtained by applying the results for LSFC nets described in Chapter 3. 


For a FA ® generated from a LSFC net ©, there is a corresponding state graph, denoted 
by ®,; generated from the STG 0, where Dy is an interpretation of the LSFC net ©. State 
graphs are defined as follows. 


Definition 4.2 (State Graphs) Let J = {j1,j2,..-,jn} be a set of signals of a circuit. 
A state graph defined on J is given by ®; = (S,T,5,30),? where 


e S is the set of states, defined as S = {s | 3: J + {0,1}}; every s € S is a function 
s: J — {0,1} and (s(j1), s(j2),.--,3(jn)) ts @ binary vector of signal values in state 
3. 


© 39 € S ts the instial state of the circuit. 
e T=Jx {+,—} ts the set of signal transitions. 


e 6:S5xT 5S is a partial function called the transition function, having the property 
that Vs,3'€ S,WtE€ T such that 6(s,t) = 3’: 


tif t= 7, then s(j)=0 and s'(j)=1 
if t=j_ then 3(j)=1 and s'(j)=0. 
States 3 and s' are called adjacent; s' is a nezxt-state of s. 


of a certain condition in the circuit; the choices are no longer nondeterministic. 
Here, instead of describing a state graph as a 5-tuple (S,7,5,8,q), we adopt the convention to drop q 
(the set of final states) if g = {80}. 
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As noted in Chapter 2, in the construction of an equivalent FA from a set of sequences, 
a state is an abstract concept, defined as an equivalence class of sequences with the same 
postfixes; there is no apparent relationship between a state and the transitions enabled in 
it. However, for state graphs obtained from a STG, not only do we require that it be a 
FA equivalent to the set of sequences defined by a STG, but we also require that states 
be interpreted as binary vectors representing the values of signals in a circuit. There is a 
direct connection between states and transitions: states are vectors of values of a set of 
signals, whereas transitions are transitions of the same set of signals. 


In the above definition, the transition function is extended to 6: S x T* — S such 
that for t € T and o € T*, 6(s, ta) = 6(s',0) where s’ = 6(s,t). Also, Vs € S, 6(s,€) = 8. 
By considering states as equivalent to markings, we can adopt the notations in Chapter 2: 
3’ = 6(s,t) © s[t)s’; s’ = 6(s,0) < s[o)s’; [s) denotes the set of states reachable from 
s, etc. Graphically, s[t)s’ is represented as sa 56: s[o)s’ as ¢—2,%. A transition t is said 
to be enabled in state s if s[t); an enabled transition may occur or fire. 


We denote the state graph of aSTG L; as ®;. The notions of ordering, concurrency and 
conflict in STGs and their correspondence in state graphs are exactly the same as those for 
LSFC nets. The following result is the restatement of Theorem 2.2 with markings replaced 
by states. 


Theorem 4.3 Let Dy = (P,T,F,Mo) be a STG and ; = (S,T,6,Sq) its state graph. 
Vt,t’E T: 


(a) {t,t} Ede > Js € [389) : s[t) A s[t') A —s[tt’) A 73[t't) 

(b) {t,t’} Eco +> Js € [s0) : s[tt’) A s[t’t) 

(c) {t,t} EliUide = As € [s9) : s[t) A s[t’) 

(d) {t,t} € ide <= (As € [89) : s[t) A s[t’)) A( Ao € T* : t,t’ € o) 


where o 13 a firing sequence corresponding to a simple cycle in (X,). 


We will return to more discussion of properties of state graphs in the next chapter. In order 
to give a complete picture of our direction, we describe next the network function, being 
a set of Boolean equations derived from the state graph. The network function describes 
the states of every signal in a digital network. 
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4.1.3 Network functions: Implementations of state graphs. 


Similar to Muller [36], we define a digital network as an interconnection of a finite number 
of logic elements of unbounded delays and containing no clocks, i.e. operation is asyn- 
chronous. However, we extend his autonomous networks (those with no inputs) to cover 
cases with inputs as well as internal signals. 


A logic element implements one signal of the control circuit. It is a logic circuit with 
one output and one or more inputs and is allowed to have memory, i.e. it may have internal 
feedback wires. The delay model used is one in which a logic gate can be modeled as an 
infinitely fast combinational circuit followed by a delay (of unbounded value) at the output, 
and wires with no delays. In practice, these assumptions hold; long wires which are highly 
capacitive can be modeled explicitly as delay circuits if necessary. 


Definition 4.4 (Network Functions) Let @; = (S,T,6,s9) be a state graph defined on 
J, a set of signals of a network. Then f : S x J — {0,1} ts a partial function called the 
network function, defined as follows: 
(a) Forj € J, s € S, f(s,j) ts called the implied value of signal j in state 5, defined 
such that: 
3(j) otherwise. 


f(s,j) = { s'(j) if Js'€ S: s[j.)s’ 


(b) The set of all implied values for signal j, f(j) = {f(s,j) | s € [8o)} ts the logic 


function of stgnal j. 


(c) Hence the network function can be considered as a collection of logic functions of all 


signals in J: f= {f(j)|7 € J}. 


Remarks on Definition 4.4. 


1. The implied value of a signal 7 in state s is given by (a). If there are states 3}, 3) 
such that s[t,)s} and s[t2)s} for some t,,t2 € T, then there are two cases: 


e If either ¢, or tz is a transition of j, for instance t; = j, and t, # j,, then s{(j) # 
3(j) = s(j). In which case we always choose s{(j) as the value for f(s,j), which is 
the value resulting from the transition of signal 7 itself. 


a a a a a 
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e If neither of t,, tz is a transition of signal j then s{(j) = 33(j) = s(j) and the implied 
value of j in state s is the same: f(s,j) = 3(j). 


2. Even though network functions are defined for all signals, only those for non-input 
signals are necessary for the logic implementation of the networks. This is because only 
non-input transitions in Ty; are generated by logic elements in the networks. If 6(s, t) 
is defined for some state s € S and signal transition t € Ty; then the occurrence of t is 
caused by the logic elements whenever the network gets into state s. Furthermore, since 
the firing of t depends on the delays of the logic elements, it cannot be controlled externally. 
However, if t € T; then whenever the network is in state s, it waits for the occurrence of 
input transition t which is caused by the environment. The means for the environment 
to detect that the network is in state s is through a communication protocol between 
the environment and the network. The logic functions for input signals only indicate how 
external transitions from the environment should interact with the logic network according 


to the specification. 


3. The logic function f(j) of signal j is a Boolean function in |J| variables describing 
the logic element (whose output is) 7. Logic element j may have fewer inputs than |JJ|. 
This fact does not invalidate our model, for we simply choose f(j) as a function that does 
not explicitly depend upon all of its variables. This can be accomplished by decomposing 
the state graph to minimize the interdependence between variables which appear as out- 
put and input of a logic element. A state graphs obtained from a well-formed STG can 
be decomposed in a straightforward manner using the causal relation R defined on the 
STG. This technique yields very efficient implementation of networks and will be dicussed 
subsequently in Chapter 6. 


4.1.4 An Example 


We have presented the syntax of STG, its semantics in terms of state graphs and the 
network function which describes the logic implementation of the circuit. In this example, 
we show a STG specification of a C-element, its state graph and network function. Fig. 4.la 
shows a circuit with inputs a, 6 and output c. Thus, its set of signals is J = {a,b,c}, 
and J; = {a,b} and Jo = {c}. The behavior of this circuit is described by the STG in 
Fig. 4.1b. Since its corresponding uninterpreted net is a marked graph, no places are drawn 
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Figure 4.1: (a) A C-element, (b) A STG specification and (c) its state graph. (c) The 
transition map and K-map. 


explicitly; they are uniquely determined by their input and output transitions. The arcs 
constitute the causal relation R. In the initial marking Mo, places (c_,a,) and (c_, b,) 
are marked. The set of transition sequences specified by this STG is given by the regular 
expression (a4c4a_c-_||b,c,b_c_)*, which can be simplified to ((a4|]b4)c+(a-||b_)c_)*. The 
corresponding state graph is given in Fig. 4.1c. The initial state s9 is such that so[a,) and 
8o[b4). 


In a state graph, the logic equation for every non-input signal 7 is determined from the 
set of implied values of j in all states: { f(s, 7) | s € [s9) }. This can be done conveniently 
by transferring the state graph to a type of Karnaugh maps (K-map) called transition 
map (T-map), such that every state of the state graph has a corresponding square in the 
K-map, and state transitions are indicated by arcs between squares. Then for each signal j 
to be determined, the T-map is converted to a K-map for 7 as follows: every square in the 
T-map (corresponding to a state s) is entered with the implied value of signal 7 in state s, 
f(s, 7). The logic equation for j can be readily determined from the resulting K-map. For 
example, the logic equation for signal c is determined from the state graph in Fig. 4.1¢ by 
transfering it to a T-map and K-map (Fig 4.1d) from which, c = a.b+c(a+5). This is 
precisely the logic function of a C-element. 


Note the intimate relationship between a state graph and its logic implementation: 


states in a state graphs are simply collections of values of signals in a circuit, and transitions 
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simply transitions of signals in the same circuit. In fact, one can construct a state graph 
for any circuit. However, we are only interested in circuits whose state graphs satisfy the 
properties of liveness and persistency. In the next chapter we will study these properties 
of state graphs and determine their characterizations in STGs. 


4.2 Obtaining state graphs from STGs 


Let Ly = (P,T,F,Mo) be a STG. Then ¥ denotes its uninterpreted net, also represented 
by (P,T,F, Mo) but T is given no particular interpretation. Since D is a LSFC net its 
equivalent FA, denoted by , can be determined using the construction algorithm discussed 
in Chapter 3. The state graph of D,, denoted by ®,, can then be obtained by assigning 


binary values to states of ®. 


Let @ = (5’,T, 6’, 84) denote the above equivalent FA. Then the state graph @; = 
(S,T, 6,89) can be obtained by interpreting states in S’ as binary vectors representing 
values of signals in J. This interpretation is the state assignment process, which can be 
described by a partial function a : S$’ — S, called the state-assignment function (Fig. 4.2). 
This function is defined such that 


e Every state 3’ in © maps to a binary state s in ®;: Vs' € [35) C S’ ds ES: a(s')=s. 
e Every transition 6'(s,,t) = s, in ® maps to 6(s;,t) = 32 in ®;, where 3, = a(s}), 


$2 = a(s}). 


A state assignment such that 6 satisfies the condition stated in Definition 4.2 is called 
consistent. The essential idea is that in a state graph ©y, if s[t)s’ then according to the 
physical behavior of digital circuits: if t = 7, then s(j) = 0 and s'(j) = 1; if t = j_ then 
s(j) = 1 and s'(j) = 0. The triple (s,?, 3’) is said to be consistent. Formally, a consistent 
state assignment for a state graph can be defined as follows. 


Definition 4.5 (Consistent state assignment) Let ®@ = (5’,T,6', 35) be an uninter- 
preted FA and ®; = (S,T,6, 89) be a state graph obtained from®. Then ®, has a consistent 
state assignment iff there exists a state assignment function a: S'— S satisfying 


Vt € T, Ws}, 35 € S’: whenever si[t)s, then (a(s{),t,a(s,)) ts consistent. 
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Figure 4.2: The state assignment function a maps a state in the FA to a binary state in 
the state graph. 


Since the transition function 6 is defined such that if 6(s,, t) = s2 then s, and s2 are adjacent 
states, it immediately follows that in a state graph with a consistent assignment, every 
cycle (a path starting from some state and ending at itself) must contain equal numbers 
of positive and negative instances of any signal transition and they must alternate. Hence, 
we have the following 


Lemma 4.6 Let 7 = (S,T,5, 80) be a state graph. Then ®; has a consistent state as- 
signment tff for every state s € S and for every firing sequence o € T* such that s[c)s: 


#(o[t) = #(o[t) = k and 
Vite r{ Holt) oH wee or of{t,t} = (#t)*, 


for some integer k > 0. 


In case a transition t does not appear in a sequence o then k = 0 and the above condition 
holds vacuously. It turns out that there is a direct way to ensure consistent state assignment 
from STGs. Below, we state the conditions on a STG in order for its state graph to have 
a consistent state assignment. First we consider the subclass of STGs corresponding to 
live-safe marked graphs. 


Lemma 4.7 Let Sy = (P,T,F,Mo) be a STG whose uninterpreted net is a live-safe 
marked graph. Then its state graph Dy has a consistent state assignment iff every pair 
of transitions t,t € T is ordered: {t,t} € li. 
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Fig. 4.3a shows a STG with consistent state assignment; Fig. 4.3b is a STG with no 
consistent state assignment because there are transitions b,,6_ which are concurrent; its 
state graph contains a state s with s[b,) and s[b_) and hence no value of s(6) can be chosen 
such that both 6, and b_ are consistent for s. 


Proof. (=>) 3t€ T: {t,t} gli = 4%, does not have a consistent assignment: Since Dy is 
a marked graph, {t,t} ¢ li > {t,t} € co. This implies that ds € [so) : s[t)s’ A s[t)s", for 
some s’,s” € S. Obviously, if (s, t, s’) is consistent then (s, t, s”) cannot be, and vice versa. 


Hence ®; cannot have a consistent state assignment. 


(+) Vte T: {t,t} Eli = 4, has a consistent assignment: According to Theorem 3.8, 
the set of firing sequences of £; can be obtained by veawing those of its SM-components. 
Since L, is a marked graph, these SM-components are simple cycles. Since t, # are ordered, 
they must belong to some simple cycle 2 in Ny. Hence the firing sequence defined by 2 


must have the following form (given in terms of regular expressions): either (...t...¢...) 
or (...¢...¢...)*, depending on which place in 2 contains a token in the initial marking. 


Choose any firing sequence o € T* of Ly such that s,[c)s, for some s, € [89). Since Ly 
is a marked graph, Theorem 3.4 shows that o must contain an instance of every transition 
in JT. Furthermore, as discussed in the above paragraph, for every pair of transitions ft, f, 
either o[ {t,t} = tt or o[{t,t} = tt. Hence according to Lemma 4.7, ®; has a consistent 
state assignment. | 


The above result can be generalized to the class of STGs corresponding to LSFC nets. 


Theorem 4.8 Let Xy be a STG and ©, its state graph. Then ®; has a consistent state 


assignment iff every patr of transitions t,t is ordered in Dy. 


Fig. 4.3c shows another STG with consistent state assignment which specifies input 
choices; its uninterpreted net is a LSFC net. Note the requirement that every pair of 
transitions {t,?} be ordered in every MG-component containing them. Due to this rather 
stringent requirement for consistent state assignment, the expressive power of STGs for 


specifying input choices is limited. 


Proof. Let Ly = (P,T,F,Mpo). According to Theorem 3.6, there exists for each MG- 
component N; = (P;,T;, F;) a marking M; € [Mo) at which N; operates as a live-safe 
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Figure 4.3: (a) A STG with consistent state assignment. (b) A STG without consistent 


state assignment because b, and b_ are concurrent. (c) Another STG specifying input 
choices which has a consistent state assignment. 
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marked graph. Hence, the net £; can operate deterministically in one MG-component N; 
and switches over to another, N; say, at some appropriate marking M. Marking M must 
mark some place p which is a free-choice place (i.e. |p- | > 1) such that some transitions 


t; € T;, t; € T; must be output transitions of p. 


Since every MG-component N; can be operated continuously from some marking M,, 
the set of firing sequences generated by (N;,(4;[P;)) must have an equivalent state graph, 
which in turn must also be a part of the state graph of Dy. Therefore, for the state graph 
of Sy to have a consistent assignment, it is required that the state graph ©; of every 
MG-component (N;,(M;[P;)) have a consistent assignment. Using the result from Lemma 
4.7 above, we conclude that every pair of signal transitions t,¢ must be ordered in every 
MG-component N; to which they belong. It then follows from the definition of ordering 
that t,t are ordered. ] 


4.3. Composition 


As stated earlier, the objective of this thesis is to develop techniques for direct synthesis 
of control circuits from STG specifications. Within this scope, the study of composition 
of control modules will be touched upon lightly. A great deal of work in different aspects 
of composition of control modules has been carried out; most relevant to our application 
is one based on the formalism of trace theory [25,53]. Since we have established the 
correspondence between net syntax and its underlying trace (firing sequence) semantics, 
adapting these results to our framework is straightforward. Even though composition is 
of fundamental importance for validating the correctness of systems constructed from an 


interconnection of control modules it is outside the scope of our immediate concern. 


We advocate the use of STGs for direct synthesis of control modules in a system 
organization with distributed control structures. In these systems, the control section is 
partitioned into a number of control modules which communicate with one another using 
a communication discipline such as the request/acknowledge protocol. Once the control 
modules have been identified clearly, their behavior is expressed in STG notations. Every 
module has its own STG specification which defines its internal behavior with respect to 
the interface with other modules. The interface between a module and its external world 


constitutes a boundary between a module and its environment. 
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Interface behavior. Fig. 4.4a shows a simple case of module/environment interface. 
The module A shown consists of one input link {I,,I,} and one output link {O,,O,}, 
where a link is a pair of request/acknowledge signals. We use the convention that for a 
link L, {L,,LZ,} denotes its request/acknowledge signal pair. The behavior of module A 
at the interface is specified by {IL4 —- L_,l- > L,} and {0,4 —~ Q,_,0,_ + Q,,} at 
the input link J and output link O, respectively; the arrows — are members of the causal 
relation R defined earlier. In general, we have the following rule for specifying the interface 
for STGs: every transition ¢ of an input signal can be caused only by a transition of an 
output signal, u say, and furthermore, there can be exactly one u causing t. More formally, 
in a STG it is required that for every t € T,;, there exists exactly one u such that u - t 
and u € Tg. The reason for allowing only one transition to cause an input transition is 
that we only attempt to stimulate the interface behavior by such a temporal constraint; 


input transitions are actually caused by the environment. 


Composition. Given two control modules which are connected together at some link, 
one can determine the behavior of the composite system by composing the individual 
behavior of each module. The only type of composition required here is the concurrent 
composition [25]. Informally, the concurrent composition of two STGs involves merging 
them together by “fusing” transitions in two nets; these fused transitions become internal 


transitions of the composite net. 


An example to illustrate this composition is given in Figures 4.4b and c. Fig.4.4b shows 
two modules A and B and parts of their STGs which specify the interface behavior. The 
composition of these STGs produces a new STG (Fig. 4.4c) which no longer corresponds 
to a free-choice net: transitions r;, and r2, are no longer enabled in the same marking. 
This illustrates the following important concept: When two input transitions in the STG 
specification of a module are in direct conflict (and therefore represent a nondetermsnistic 
choice), they may actually represent external choices which are totally deterministic in the 
composite net consisting of the module and its environment. This is exactly the reason 


why we restrict free-choices in a net to transitions of input signals. 


In the following definition of concurrent composition of two STGs, T;;, To; and Ty; 
denote the subsets of input, output and internal transitions, respectively, of the set of 


transitions T;. 
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Figure 4.4: (a) A control module with an input link and an output link. (b) Two control 
modules with connected communation links and (c) their composition. 


Definition 4.9 Let Dn = (Pi, TN, Fi, M3) and Due = (P2,T2, F2, M2) be STG specifica- 
tions of two control modules, with the restriction that 


Tn 1 To2 # 9, Tre N To: # 0, Ty NT =To1NTo2 = PNP, = 9. 


The concurrent composition of Uy, and Ujq ts denoted by Ly = Up||Use. Let Ly = 
(P,T,F, Mo), then it ts defined as follows: 


e J = J,UJ2, Jr = JnUJp2—-AN Je, Jo = Joi.UJo2—Ji Nd, Jn = Ini, UIn2U(JiNJ2). 
e T=Jx {+,-}. 
eP=P,UR,F=FUF, Mo=MiUM). 


Using Theorem 3.8, the set of transition sequences of the composite net is simply the 
weave of the individual sets, provided the latter are of STGs corresponding live-safe marked 
graphs. Equivalently, the finite automaton of the composite net is the weave of those of 
the individual nets. 


Theorem 4.10 Let Oy, Uyg be STGs whose uninterpreted nets are live-safe marked 
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graphs, and ®y,, Dyz be thetr state graphs. Let Uy = Oy||Uyq and DB; denote its state 
graph. Then ©; = ©3;||®32, the weave of two state machines given by Def. 9.11. 


Note that this result does not generalize to composition of STGs whose uninterpreted nets 
are LSFC nets because, as we have illustrated through Fig. 4.4, the composition of two 
LSFC nets results in a net which may no longer be free-choice. Also, the above theorem 
does not guarantee that the composite net D, is live-safe even if 53; and Dye are live-safe. 
It may be the case that when two nets are composed, a new simple cycle which contains no 
token is created in the composite net, leading to a deadlock. However, the theorem does 
provide a method for verifying whether the composite net is live: D, is live if the weave of 


none of the firing sequences results in an empty set. 


Chapter 5 


Properties of State Graphs 


In this chapter, we further explore two important properties of state graphs called live- 
ness and persistency. They are important because they correspond to the properties of 
deadlock-free and hazard-free in the circuit implementations of state graphs. Since we have 
established the equivalence between STGs and a class of state graphs, we can characterize 
these properties in terms of STGs; these will appear as syntactic conditions on STGs. 
Liveness will be considered in Section 1 as it is the simpler to derive of the two properties. 
Section 2 discusses persistency and its corresponding characterization in STGs. Section 3 
describes a problem related to state asssignment and a remedy for this problem. 


5.1 Liveness 


As discussed in Chapter 2, we will be using a rather restrictive notion of liveness for state 
graphs. Simply a state graph is live iff it is strongly connected, and each transition is 
enabled in some state of the state graph. This implies that every state reachable from the 
initial state of the system is reproducible, i.e. the set of states form an equivalent class in 
which every two states are mutually reachable. This notion of liveness implies that every 
transition in the circuit can be enabled infinitely often because it is enabled in at least one 


state which can be reached from any other state of the circuit. 


Definition 5.1 (Liveness of state graphs) A state graph defined on a set of signal J, 
b; = (S,T, 6,30), is live iff it ts strongly connected and for each t € T, there exists 3 € [39) 
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such that s{t). 


In state graphs, states and transitions are intimately related, as they represent binary 
values and transitions of the same set of signals of a control circuit, respectively. In Section 
4.2, we discussed a property of state graphs which requires that every triple (s, t, s’), where 
s[t)s’, be consistent. A live state graph must be strongly connected and must have a 
consistent state assignment. 


Based on this definition, the condition on a STG such that its state graph is live can 
be derived easily. A STG satisfying this kveness condition will simply be called live. Let 
x, denote a STG and D its uninterpreted net. Then the state graph ®, of Ly is obtained 
by performing state assignment on the finite automaton ® derived from the net Z. For 
the state graph %, to be live, it must be strongly connected and have a consistent state 
assignment. ®,y is strongly connected iff © is a live-safe net; furthermore, because the 
largest class of nets considered is FC nets, © has to be a LSFC net. 


The preceding argument simply states that a STG is live iff it is well-formed and its 
state graph has a consistent state assignment. This establishes the following theorem 


Theorem 5.2 (Liveness condition for STGs) Let 5; be a STG and ¥ its uninter- 
preted net. Then Xz ts live iff 


e X13 a live-safe free-choice net, and 


e InXjz, every patr of transitions t,t is ordered. (This is precisely the condition for the 
state graph of Xy to have a consistent state assignment, as stated in Theorem 4.8.) 


5.2 Persistency 


Persistency one of the most important properties of state graphs, as it is the essential 
property of speed-independent circuits. In Section 2.3, we have briefly discussed this 
property and its equivalent characterization in STGs. In this section, we will go into detail 
of how this equivalence is established. . 
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First, we define the concepts of enabling and disabling between transitions in unin- 
terpreted finite automata. These general concepts apply to all interpreted FA, including 
reachability graphs and state graphs. Let (S,T,6,s9) be a FA, where S denotes a set 
of states and T a set of transitions, both with no particular interpretation. Also let 
Tz(s) = {t | s[t)} denote the set of transitions enabled in a state s € S. 


e Instate s, t enables t' (denoted as tEt’) iff ds’ € S : s[t)s’[t’) A t' ¢ Te(s) At ¢ Tr(s’) 
(Fig. 5.1a). 

e In state s, t disables t' (denoted as tDt') iff 4s’ € S: s[t)s’ A s{t') At’ ¢ Tr(s’) 
(Fig. 5.1b). 


Simply, tZt’ in s means that the occurrence of ¢ in state 3 brings the system to another 
state s’ in which ft’ is enabled; tD?’ in s means that the occurrence of t in state s—in which 
t’ is also enabled—brings the system to another state s’ in which ?¢’ is no longer enabled. 
We also use Et’ and tDt' to denote =(tEt’) and 7(tDt’), respectively. Using this notation, 
the situation in Fig. 5.1b can be denoted as tDt' A t' Dt. 


Generally, in a FA, some transition may have several appearances (instances). Further- 
more there are a variety of ways two transitions may interact with each other. For example, 
there may be instances of transitions t and ?’ such that tE?t’ in some state s, and other 
instances such that tD?’ in some other state s’. However, for FA generated from LSFC 
nets and STGs, we have established their equivalence in Theorem 3.17, which indicates 
that any situation in a FA has a corresponding characterization in a net. For example, if 
tRt' (where R is the causal relation defined in Chapters 2 and 4) in a LSFC net then in 
its FA, an equivalent instance of tHt’ must exist, and further there can be no instance of 
tDt'. The above result is formally stated as follows. Let © = (P,T, F,Mo) be a LSFC net 
and ® = (S,T,6, 89) its FA. Then for every t,t’ € T: tRt’in 0 @ (3s € S: tHE?’ in $). 


5.2.1 Definition of Persistency 


The property of persistency is defined differently for uninterpreted and interpreted FA—the 
latter being state graphs. The reason is that in state graphs, transitions are divided into 
those of input and non-input signals, whereas no such distinction exists for uninterpreted 


FA. 
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Figure 5.1: (a) An instance of t enables t’ in s. (b) An instance of t disables ¢’ in s. Dotted 
arcs are used to indicate transitions which cannot occur in certain states. 


For uninterpreted FA, a transition is said to be persistent if none of its instances in a 
finite automaton is ever disabled by any other transition; otherwise, it is non-perststent. 


For example, transition t in Fig. 5.1b is persistent, while t’ is non-persistent. 


For state graphs, the above definition applies only to transitions of non-input signals; 
transitions of input signals are always assumed to be persistent. This assumption is based 
on a property of state graphs called the external persistency property, the justification for 
which will be given shortly. 


Definition 5.3 (Persistency in State Graphs) In a state graph ®; = (S,T, 6, 80): 


e Every t € T; is persistent. 


e ¢t € Tyy is persistent iff Vs,s' € S,Vt'e T: s[t) A s[t')s’ = s'[t); otherwise, t is 


non-persistent. 


e D, ts persistent iff every transition in T is persistent. 


An immediate implication of the external persistency property is that it permits the speci- 
fication of input choices in a state graph. Fig. 5.2b shows an example with an input choice 


between transitions a, and 6,, the corresponding circuit is shown in Fig. 5.2a. 


Justification for the External Persistency Property. This intuitive property indeed 
has a logical justification which is based on the relationship between states and transitions 
in a state graph. In Fig. 5.2b, states are vectors containing the binary values of signals in 
(a, b,c,d,e, f). From state 3; = 000000, the firing of transition c, brings the circuit to state 
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Figure 5.2: (a) A control circuit with an input choice involving signal a, b and (b) part of its 
state graph. (c) Part of the state graph of the circuit, taken together with its environment. 
Contraction of the state graph in (b) involves: (d) removing unwanted transitions a+, b,, fy 
and (e) contract the state graph. 


88 CHAPTER 5. PROPERTIES OF STATE GRAPHS 


82 = 001000, in which both a, and 6, are enabled. Since a and 6 are external signal, it can 
be assumed that the environment has additional knowledge to deterministically choose 
only one of their transitions to fire. This assumption is justifiable as the environment 
must have enough information to recognize that a, and 6, are not in really enabled in 
the same state, even though this is how it appears to the circuit. That is, if the circuit 
and the environment are taken together as a system, then additional signals must exist 
in the environment such that states s; and s2 can be “split” into {s/,s/} and {s}, 7}, as 
shown in Fig. 5.2c. Thus, in the more complete system consisting of the original one and 
its environment, a, and b, are in fact not enabled in the same state as it appeared in the 


original one. 


This fundamental relationship between states and transitions in a state graph is also 
the basis for a method of decomposition called contraction. It rests on the same principle 
which relates states and transitions, but instead of considering a system together with its 
environment, a subcomponent of the system is isolated and its behavior extracted from that 
of the original state graph. For example, if one is interested in the component consisting 
only of signals {c, d,e} of the circuit in Fig. 5.2a, then a state graph describing its behavior 
can be derived from in the state graph in Fig. 5.2b as follows. Since other signals {a, b, f} 
do not belong to this subcomponent, their transitions can be removed from the state graph; 
this is done by replacing them with ¢ (the silent transition) as indicated in Fig. 5.2d. Now 
each state in the resulting state graph is reduced to a vector of (c,d,e). The result is that 
states connected by e-transitions will have identical binary representations, because these 
€ are transitions of signals which do not belong to this subcomponent. Therefore, they can 
be collapsed together into one state, as indicated in Fig. 5.2e. In this state graph of the 
subcomponent, d, and e+ will appear as if they represent an external choice, because they 
are enabled in the same state. The external persistency property dictates that they are 
persistent, as it is indeed the case. The subject of decomposition using contraction is an 
important aspect of our synthesis approach. It is discussed in further detail in Chapter 6. 


In summary, the external persistency property has two important consequences: (i) 
transitions of input signals to a control circuit module can always be assumed to be per- 
sistent, and (ii) input signals to a logic element within a module can be assumed likewise. 


In the design of self-timed control circuit, the notion of persistency is fundamental as it 
is the essential property of speed-independent circuits. Chapter 4 shows that from a state 
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graph, one can define a network function which gives a logic implementation of a digital 


circuit. This leads to the definition of speed-independence. 


Definition 5.4 (Speed-independence) Let 6; = (S,T,6,s0) be a state graph defined 
over a set of signals J, and f : S x J — {0,1} the network function derived from 9,. 
Then the logic circuit which implements f is speed-independent iff every transition t € T 


is persistent. 


Thus one important consideration in specifying behaviors of speed-independent circuits is 


to guarantee that all transitions in a STG specification are persistent. 


5.2.2 Characterization of Persistency in STGs 


We have defined the property of persistency in state graphs. Below we give its char- 
acterization in STGs. First we present this syntactic characterization and then give its 
justification. 


Non-persistency in STGs 


Fig. 5.3a illustrates a case with u being non-persistent in a state s; it is disabled by a 
transition ¢. Using previous notations, this is written as: tDu A uDt. The equivalent 
characterization in STG is given in Fig. 5.3b, in which t, u are concurrent and ¢ causes u.! 
As explained in Chapter 2, this non-persistency is the result of the interaction of concurrent 
signal transitions. Intuitively, the course of action tRu can be implemented by a logic 
element with input « and output j, where t = 7, and u = j,. Concurrency between u and t 
implies that while the logic element is reacting to transition ¢ of signal i to cause transition 
u of output 7, another transition t of i may be occurring simultaneously at the input of logic 
element j (Fig. 5.3c). This is commonly known as a race condition in hardware circuits 
and can lead to malfunction. Thus, we have the following syntactic characterization of 
~~ 1Note the difference between this characterization of non-persistency for STGs and that for LSFC nets. In 
the latter, a transition ¢ is non-persistent only if it is an output transition of a free-choice place. Furthermore, 


ina LSFC net, if tDu then uD¢# and vice versa, because in this case, both ¢ and u must share the same input 
place. 
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non-persistency in STGs. Recall that Ty; denotes the subset of transitions of non-input 


signals. 


Theorem 5.5 (Non-persistency in STGs) Let D) = (P,T,F,Mo) be a live STG and 
®, = (S,T,6, 30) its state graph. Then fort €T and u€ Tyr: 


(4s €S:tDuAuDt) = (tRuA {t,u} € co). 


The proof of this theorem is based on a property of state graph called input-causing-output, 
which states that 7 is an input signal to logic element j iff some transition of i enables or 
disables some transition of j. Let I(j) denote the set of input signals to a logic element 
whose output is j; I(j) is called the input set of 7. Formally, the input-causing-output 
property states that: 
tET(j) & (iE ju) V (tn Dje)- 

First, we discuss the proof of the above theorem, then we will give an explanation of this 
property. 


Proof. Let t = 1%, and u = j,. (<) If there is no interaction due to the causal relationship 
between transitions of signals 1 and j then the condition {t,u} € co implies ds € S : 
s[u)s"[t) A s[t)s‘[u). We argue that due to the causal relation Ru, the condition {t, u} € co 
implies Js € S: s{u)s"[t) A s[t)s’ but not s’{u); ie. u cannot be enabled in s’ or 
equivalently, ¢Du. 


According to a result developed earlier in this section, the condition ¢{Ru implies that 
tEu. Furthermore according to the input-causing-output property, it also implies that i is 
an input to logic element j. Since the STG is live, ¢ and ¢ are ordered and hence ¢t must 
fire some time after t. Also, since ¢t and u are concurrent, there must be a state s in which 
both ¢ and u are enabled. At s, the firing of t must disable u because u are enabled by t 
and the firing of t changes the state which results from the firing of t. 


(=>) Since there exists a state s in which both t¢ and u are enabled, it follows that either 
they are concurrent or in direct-conflict. If they are in direct-conflict then tDu A uDt. 
However, since we have tDu A uDt, this is not the case, hence {t,u} € co. Furthermore, 
according to the input-causing-output property, tDu => i € I(j) > either tRu or tRu. But 
since both ¢ and u are enabled in state s, it cannot be the case that tRu. Hence it must 
be that Ru. Thus, we have {t,u} € coAtRu. | 
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Figure 5.3: Characterization of non-persistency in (a) a state graph, (b) its STG and (c) 
as hazards in the hardware circuit. The persistency constraint (shown as a bold arrow) 
in (e) eliminates non-persistency from the state graph (d); harzard is eliminated from the 


hardware circuit (f). Note that t= 7, and u = j,. 
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The Input-causing-Output Property. This property reflects the way hardware cir- 
cuits behave; it is based on the fact that two transitions can enable or disable each other if 
and only if one is the input to the other. For every signal j € J, let I(j) denote the set of 
input signals to logic element j. In the following, we give an explanation of this property 
and show that the input set I(j), as defined above, is indeed equivalent to {i € J | 7.Rj.}, 
the set of signals whose transitions cause those of 7 in a STG. This equivalence is the key 


to our decomposition technique introduced in Chapter 6. 


The input-causing-output property states that Vi € J,Wj € Jy; (J is the set of signals): 
tEl(j) & 38 € S:1,£7,.Vi,Dj, in s. Let t =i, and u = j,. The > direction is obvious: 
if transitions of 7 cannot enable or disable those of j then i can be eliminated from the set 
of input signals to logic element j. . 


i € I(j) <= tEu. Again, consider Fig. 5.1a, in which s[t)s’[u). Note that 7 is the only 
signal which changes in going from s to s’. Since u is not enabled in s but it is in 3’, u 
must have been disabled due to the transition of signal i. This is possible only if 2 is an 


input to logic element j. 


t € I(j) = tDu. In Fig. 5.1b, there exist states s,s’, s” such that s[t)s’ and s[u)s”, but 
u ¢ Tx(s’). In state s transition u is enabled, but in s’, it is not. Since the only signal 
which changes going from s to s’ isi, u must have been disabled by the transition of signal 


t. This this is only possible if signal ¢ is an input to the logic element j. | 


An implication of the above property is the equality I(j) = {i € J |7,.Rj.}, which can 
be derived as follows. Recall that I(j) denotes the input set of logic element j. 


From the above characterization of non-persistency, (Js € S:tDuAuDt) # (fRuA 
{t,u} € co), it is evident that the condition for a transition ¢ to disable another transition 
u is that t causes u. Let t= i, and u = j,, then tDu + 1,Dj, and tRu + i,£j,. Hence 
we have 1,£)j, => 1,Dj,. From the input causing output property, we have that since 
nL j, > 1.Dj,: Ij) = {te J | iu.£j.} = {ie J | i.Rj.}. 


A syntactic condition for persistency in STGs: the Persistency constraint 


There are two mechanisms which give rise to non-persistency. One of which has been char- 
acterized above; it arises due to the interaction of concurrent signal transitions which are 
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parts of the sequencing specification. This violation of persistency can always be eliminated 
by introducing additional ordering constraints into the specification. Such constraints are 
called persistency constraints and are discussed below. The other type of non-persistency 
is a by-product of the state assignment process, and can only be eliminated by introduc- 
ing additional bits to differentiate supposedly distinct states, as will be discussed in more 


detail in the next section. 


As illustrated in Fig. 5.3a, transition u is non-persistent as it is caused by ¢, but at the 
same time it is concurrent with t. In order to eliminate non-persistency in this case, we can 
introduce an ordering constraint between u and ¢ so that they are no longer concurrent; 
this is shown in Fig. 5.3e as the bold arrow, and it is called a persistency constraint. In 
its state graph (Fig. 5.3d), u becomes persistent because no instance of ¢ can disable it. 
In the hardware implementation, the introduction of a persistency constraint corresponds 
to adding a feedback signal from the output 7 to the input of logic element 7, as shown in 
Fig. 5.3e. We can formalize this as follows. 


In X;, let R C T x T denote the causal relation. An R-path is defined as a simple path 
4 R2R...Rty, fort; €T,1 <i<n and ty #t,. Then Rt denotes the transitive closure 
of R, ie, Vz,y € T : cRty + 4R-path from z to y. Since Dy is strongly connected, Rt 
is not a particularly useful concept, for Vz,y € T.: cRty A yRtz. Hence, we define the 


following directed transitive closure R® : 


Vz,y€ T(c #9): 2cR’y iff there exists an R-path from x to y which does not contain 


The existence of an R-path from z to y will be depicted graphically as r —+, y. 


Definition 5.6 (Persistency Constraints) Let D; be a STG as defined earlier. Then 
Ve € T, Vy € Tyr such that cRy: the R-path such that yR°Z is called a persistency 
constraint. 


It can be seen that the presence of a persistency constraint creates a simple cycle which 
contains z,Z and y so that they are ordered. Using in conjunction with the external 
persistency property, persistency constraints provide the condition on STGs such that 
their state graphs are persistent. An STG satisfying this condition will be simply called a 
persistent STG. 
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Theorem 5.7 Let Dy = (P,T,F,Mpo) be a STG. Then XZ is persistent iff 


V2 ET, Vy€ Tn: tRy > yRs. 


5.3. A problem with state-assignment 


As mentioned earlier, non-persistency may sometimes arise in a state graph due to state 
assignments. Nevertheless, we do not incorporate this latter phenomenon into Theorem 5.7 
because it is a by-product of state assignments and is by no means related to the required 
sequencing specification of a STG. In Section 2.5, we have introduced this problem. In 


this section, we discuss it in more detail. 


We generalize the example presented in Section 2.5 to STGs corresponding to marked 
graphs and LSFC nets. Let © = (P,T,F,Mo) be a LS marked graph and C,C’ be cuts 
in 5. Then the interval between two cuts, denoted by [C,C’], is defined as the subset of 
PUT which belongs to all simple paths from an element in C' to one in C’: 


[C,c)# {ee PUT | re path yys..-¥n 
v1 E Cry. EC’, 
vit y;, forl<ifAgecn 
and ¥i,yj € PUT} 


An example of an interval between p-cuts C, and C;, is shown in Fig. 5.4a, where 
C, = {(z, ts), (x, t3)} and Cf = {(x, ts), (t2, ta), (te, y)}. It can be seen that [C,, Ci] NT = 
{t1, ty, ta, ty}. 


In a STG, a complementary set B C T is defined such that Vz ET: ctEBeczcesB. 
That is, B contains both the rising and falling transitions of a signal. In a live STG 
corresponding to a marked graph, for every p-cut C,, [C,, C,] forms a complementary set. 
Then the state assignment problem arises if the following conditions are true in the STG, 
as illustrated below. 


In Fig. 5.4b, markings M and M' correspond to p-cuts C, and C), respectively. Since 
[C,, C}] forms a complementary set, from the binary state s corresponding to M, the firing 
sequence t,¢2t,t2 leads to a binary state s’ which is identical to s. Thus in the state graph, 
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any transition enabled in state s is also enabled in s’, and vice versa. In Fig. 5.4b, if t, is 


a transition of a non-input signal, it may oscillate as long as tz has not occurred. 


On the other hand, the interval [C,,,C},] also forms a complementary set, causing the 
markings M, and Mj (corresponding to Cy, and C),, respectively) to have the same binary 
representation. Hence in the state graph, there is a binary state in which both t, and t, are 


enabled. If either t; or t4 is a transition of a non-input signal, non-persitency will result. 


In the following lemma, for sets A and B, A+B denotes their symmetric difference: 
A+B=(A-—B)U(B-A)=AUB-ANB. 


Lemma 5.8 Let Sy = (P,T,F,Mo) be a STG whose uninterpreted net is a LS marked 
graph. Then Xy has a state assignment problem if there exist distinct p-cuts C,,C), and 
transition t € Tz such that 


(a) [C,,C{] forms a complementary set, and 


(b) t€(C,- +Cl) A tOC,UC! 


Proof. Let M,M’ € [Mpo) denote the marking under which C, and C} are marked, re- 
spectively. Consider any firing sequence o € T* such that M[o)M’, then o must fire all 
transitions in [C,,C3]. Let s,s’ be binary representations of M,M’, respectively; s and 
s’ are states in ®;. Since [C,,C)] forms a complementary set, if o contains transitions x 
then it must also contain Z. Hence s = s’ and thus every transition t such that -t C C, or 


-t € C) is enabled in s. There are two cases: 


e if transition ¢ belongs to Cy - MC}: then it is enabled in both markings M and M’. 
Hence the fact that M and M’ have the same binary state cannot cause any problem. 
e Therefore, only in case t € (C,-—C}-) U(C}- —C,-) that t is enabled in one marking 
but not the other. Thus if both markings have the same binary representation, t¢ will 
be enabled in some state which it is not supposed to. If t € Ty; then Dy has a state 
assignment problem. | 


This result generalizes directly to STGs which are LSFC nets. As discussed in Chapter 
3, Theorem 3.6 states that in a LSFC net, every MG-component can operate indepen- 
dently in its subset of live-safe markings. Hence for LSFC nets, the above conditions for 
persistency must be satisfied by every MG-component of the net. 
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Figure 5.4: (a) A part of a marked graph with p-cuts resulting in non-persistency due to 
state assignment and (b) its state graph. Note that markings M and M’ have the same 
binary representation. 


Theorem 5.9 Let Dy = (P,T, F, Mo) be a STG. Then Xy has a state assignment problem 
if there exist distinct p-cuts Cy,C), in some MG-component and a transition t € Tyz such 


that 
(a) [C,,C}] forms a complementary set and 


(bt) t€(C,- +Ch) A t+CC,UC! 


Chapter 6 


Decomposition by Net Contraction 


This chapter develops one major result for the structure theory of nets. It discusses 
a novel method of decomposition of finite automata, using a graph-theoretic technique 
called contraction. We are only concerned with finite automata which are derived from 
LSFC nets, and for convenience, they will be referred to simply as FA in this chapter. 
This method does not decompose the FA directly; instead, it contracts the nets to produce 
smaller ones and then generates FA for these smaller nets. 


The purpose of decomposition of FA is to facilitate analysis and synthesis of systems 
in an effective manner. One specific application of decomposition is in the implementation 
of control circuits. Efficient implementations can be obtained by decomposing the state 
graphs to minimize the interaction between variables corresponding to signals of the circuit. 
For state graphs (which are FA derived from STGs) there is a straightforward method of 
decomposition based on the causal relation in the STGs. STGs and state graphs can 
be decomposed by performing contraction on them to produce a number of contracted 
graphs; each of which contains the minimum amount of information required for the correct 


implementation of each signal in the circuit. 


As explained earlier, we are mainly interested in the behavior of nets as given by sets of 
transition sequences. From this viewpoint, an abstraction of net behavior basically involves 
the removal of unwanted transitions from the sequences. Hence, our abstraction method 


will involve contracting a net by eliminating unwanted transitions from it. 


In Section 1, we describe two contraction algorithms, one for Petri nets and one for finite 
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automata corresponding to reachability graphs. An example will be given to illustrate the 
operations involved in these algorithms. In Section 2, we study the conditions under which 
certain properties of nets are preserved. These include live and safe-ness, and a property 
called tr-preserving, indicating the preservation of the temporal relation in contracted 
nets. In Section 3, we develop a major result which establish the equivalence between the 
behavior of a set of contracted nets and the behavior of the original net. In Section 4, these 
net-theoretic results are applied to STGs to provide a simple method for decomposition of 
state graphs, from which highly efficient implementations can be obtained. 


It is important to note that these results only apply to nets which satisfy all the re- 
strictions of structure theory stated so far in the thesis. To recapitulate, these restrictions 
on nets consist of the following: (+) finiteness and safeness (11) the use of unlabeled transi- 
tion sequences and (tit) the one-token SM restriction. The most important of these is the 
one-token restriction because, as discussed in Chapters 2 and 3, the temporal relation can 
only be defined for nets satisfying this restriction. In this chapter, all results developed 
are based on this restriction. 


6.1 Contraction Algorithms 


6.1.1 Contraction of Petri nets 


In this section, we describe contraction algorithms for free-choice nets and their FA. The 
essential idea in these algorithms is to consider only the subset of transitions of direct 
interest and ignore the rest. A contracted net contains only transitions of interest, and 
other transitions are eliminated by performing “local surgery” to remove one transition 
at a time. It should be stressed that contraction is different from reduction of nets for 


obtaining component subnets as described earlier in Chapter 2. 


Let & = (P,T, F,Mpo) be a LSFC net, T’ C T be the subset of transitions of interest. 
Then 2/T’ denotes the T’-contracted net of L. In the following contraction algorithm, the 
set X = T—T’ will be eliminated from ©, resulting in L’ = 0/T’. The algorithm eliminates 
one transition in X at a time and is applied iteratively to the net until all transitions in X 
are removed. In each iteration, the elimination of a transition t, € X only affects places 


in -t, Ut.- and arcs connected to these places, the rest of the net remains unchanged. 
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Algorithm 6.1 (Net contraction) Let 5 = (P,T, F,Mo) be a net and T’ = T — {t,}. 
The T'-contracted net of 5, X! = (P',T’, F’, M6) is obtained as follows. 


(a) Collapse input and output places of t, to create a new set of places P’: 
Let P' = “te x hae, %.€., Vp; E ‘teVp; E te : let p' = {pi, ps} € PF". 


(b) Redefine the flow relation between these new places and the rest of the net: 


Vp€ p(e P’) if Ste T': (t,p;)E F then (t,p)) € F’, 
Vp; € pi(e P’) if 3teT’: (p;,t)e F then (p’,t) € F". 


(c) Replace the remaining part of the net: 
Add P, = P—(-t.Ut,-) to P’. Add FO (P, x T’UT’ x P,) to F’. 


(d) Determine the new initial marking: Vp' € P!: Mj(p') = pep Mo(p). 


Some examples of net contraction are given in Fig. 6.5, where (a) is a contraction on 
a part of a marked graph, (b) a state machine and (c) a free-choice net. Note that a 
contracted net of a free-choice net may no longer satisfy the free-choice axiom; however, it 
is still behaviorally equivalent to a free-choice net. Even though we trust that the results 
developed here also apply to these nets which are non-FC (but behaviorally FC, and the 
like), to avoid net-theoretic difficulties, we will require that contraction be only applied to 
transitions which do not create non-FC structures in contracted nets. 


Notes. After every iteration of the algorithm, the contracted net ©’ must be checked 
for place-stmple- and pure-ness: If there exist distinct places p,; and p, in L’ such that 
(-pi = -p2) A (pi: = pa’), then it is legitimate to remove either p, or pz to make D’ simple. 
If there exist a transition ¢ and a place p in D’ such that p- = {t} and -p = {t}, then 
the self-loop containing p,t can be eliminated by removing p, thus keeping the contracted 
net pure. This is also a legitimate operation because p is connected only to ¢ and no 
other transition; p is often called a side condition. On the other hand, place p cannot be 
eliminated if it has other input or output transitions different from t. In which case the 
resulting contracted net is impure. Hence, even if the original net ¥ is pure, &’ may not be. 
Below we provide some restrictions on the contraction algorithm so that these undesirable 


situations will not occur. 
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Figure 6.1: Examples of contraction on (a) a marked graph, (b) a state machine and (c) a 
free-choice net. 


Restriction 6.2 (on net contraction) In the above contraction algorithm, a transition 


t, can be eliminated only if tt satisfies the following conditions. 


(a) No place p€ (-t. Ut.:) can be an input place of transition t € -(-t.) (Fig. 6.2 a): 


VteE -(-te): pe(tUt-) > p¢-t, 


(b) No place p' € (-t. Ut.-) can be an output place of transition t' € (t.-): (Fig. 6.2b): 


Vt E(t): p'E(t-Ute-) > p¢t'-. 


It is easy to verify that these situtations create either impurities or deadlocks in con- 
tracted nets and hence should not be allowed. In the above algorithm, if there exists a 
place p; € -t- such that p; is also an input place of t € -(-t,), then since the net is safe, 
this leads to a deadlock. On the other hand, if there exists a place p; € t,- such that p, is 
also an input place of t € -(-t.), then the path tp;t.p,t exists (where p; € t-M-¢,). After t, 
is eliminated, there will be a self-loop tp’t where p’ = {p,,p;}, resutling in an impure net. 


As a matter of fact, these situations are so unnatural that it is reasonable to put forth 
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Figure 6.2: Elimination of t, is disallowed if some input or output place of t, is also (a) 
input place of t or (b) output place of t’. The dashed arcs are those causing these violations. 


an additional requirement for nets, which is that all transitions in a net satisfy the above 


restriction. 


6.1.2 Contraction of Finite Automata 


An example has been given in Chapter 5 (in the subsection entitled “Justification for the 
External Persistency Property”) to illustrate the main idea behind contractions of state 
graphs. Below, we consider contraction in more general terms as applied to uninterpreted 
FA. One can define a contraction on FA by restricting the set of transitions to a subset 
of interest and replacing the rest with ¢, the silent transition. In general, since a FA 
may have more than one instance of any transition, such an operation on FA may result in 
nondeterminism in the contracted FA if there is a state with more than one emanating arcs, 
each labeled with the same transition (including the silent transition €). For the purpose 
of implementation, we are only interested in systems whose behaviors are described by 
deterministic finite automata. Hence these nondeterministic FA need to be converted 
to deterministic ones. Instead of using common method such as the subset construction 
method to produce a deterministic automaton, we use the following two simple rules which 
are actually properties of the transition function of state graphs. They have been discussed 
informally before in Chapter 5, and are stated in formal terms below. Let & = (5,T, 6, 59, g) 
be a FA, then it is required that 


(a) Vs,s'E S,Wte TU {e}: (3! = 6(8,t)At=e) & s=s'. 
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Figure 6.3: Illustration of rules for contraction of FA. 


(b) Ws1, $2, 34,35 € S, Wt, te € T : 34 = 6(33,t1) A 34 = 6(52, te) A(t = te) > (91 = 526 
si = sf). 


Rule (a) states that if two states are connected by a e-transition, then they can be collapsed 
into one “super-state” (Fig. 6.3a). Rule (b) can be rephrased as two sub-rules: if (i) 8; = 32 
and t, = t2 then s{, 3 must be the same and can be collapsed into one state (Fig. 6.3b); 
similarly, if (ii) s, = s, and t; = t, then 51,82 must be the same and can be collapsed 
into one state (Fig. 6.3c). The reasoning behind these rules has been described in Chapter 
5: silent transitions correspond to transitions of signals not considered in the state of the 
module of interest and hence, they are eliminated from the state vectors. 


In a nondeterministic FA (S,T, A, 9,q) where A C S x (TU {e}) x S, we say that an 
é-path exists from state s; to s,, denoted as 3,[€...€)3n, if there exists a path 8132... 5, 
such that (s;,€, 41) € A, 1 <i <n. Note that Vs € S$: s[e)s and hence there is always 
a zero-length e-path from any state s to itself. In the following algorithm, let 6 and 6/T" 
denote a FA and its T’-contracted FA. The idea of the algorithm is to replace transitions 
to be removed with e and then collapsed states connected by e-paths into a super-state; 
nondeterminism can be resolved by applying the above rules; the new initial state will be 
one which contains the original initial state. In contrast to the contraction algorithm for 
nets which removes one transition at a time, the algorithm for FA involves the removal of 
all instances of a transition. The simple reason for this difference is that in a net, each 
transition in T' is required to have exactly one appearance, whereas in a FA, it can appear 
many times. 


Algorithm 6.3 (Contraction of Finite Automata) Let @ = (S5,T,6,39,q) and T’ C 
T. The T'-contracted FA of , ®' = @/T’ = (S',T’, 5’, 35,9’), is obtained as follows. 
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(a) Relabel unwanted transitions with e: let AC S x (TU {e}) x S such that 
Vs,3'€ S,WteT: 6(s,t) = 3’ => (s,t{T’,s’) EA. 
(b) Collapse into a superstate all states connected with e-paths: 31,32 € S such that 


8;[€...€)32 or Sale...€)31, define s’ € S’ (C P(S), the power set of S) such that 


81,32 € 3. 


(c) Redefine transition relation: Define A’ C S' x T’ x S’ such that Vs € S,Vt ET: 
(As; € s' € S’: (s,t,3;)E A) => (s,t,s’) € A’ 
(As; € s’ € S’: (8;,t,8) EA) => (8',t,8) E A’ 

(d) Resolve nondeterminism: Vt € T’, W831, 52, 81,34 € S’: 


((81, t, 31) € A’A (82, t, 33) € A’) > (81 = 52 4 31 = $}). 


(e) The new transition function is obtained as follows. Define 6’: S'x T’ — S' such that 
Vs,s'€ S’,WtE T’: (s,t,s')}E A’ > 6(s,t) = 3". 
The new initial state and the new set of final states are 


8 ES’ tf x € 8’, 
{s' ES’ | s'Nqg FO}. 


/ 
$9 


7’ 


An example. Fig. 6.4a and Fig. 6.4b are a live-safe marked graph and its state graph, 
where T = {to,t,,...,tg, tg}. For the sake of clarity, places are not drawn explicitly. By 
performing T’-contraction, where T’ = T — {t2, tg}, the net is contracted to one shown in 
Fig. 6.4c. The removal of transition tg results in the replacement of four old places by four 
new ones. Similarly, the removal of tz causes places (t,, tz) and (tz, t4) to be collapsed into 


a new place (t1, t4). 


The state graph of Fig. 6.4a is given in b. By performing T’-contraction on this state 
graph, a new one is obtained as shown in Fig. 6.4d. The operation involves replacing t2 and 
ts with silent transitions e and then collapsing states connected by e-transitions together. 
Note that the contracted state graph in Fig. 6.4d is also the state graph of the contracted 
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ts 


(d) 


Figure 6.4: (a) Contraction on this FC net yields (c). (b) Contraction of this state graph 
yields (d). In this example, (d) is also the state graph of (c). 


net in Fig. 6.4c. Thus in abstracting the behavior of a net, one can choose either the path 
a-b-d or a-c-d. In generally, the latter path is computationally more efficient because a 
net always contains no more transitions than its state graph. In this example, contraction 
on the net requires the removal of two transitions, while contraction on the state graph 
requires four (three instances of t2, one of tg). In the next section, we will examine the 
conditions such that both paths yield the same state graph. By satisfying this condition, 


one can choose the more efficient path a~c—d most of the time. 


6.2. PROPERTIES OF CONTRACTION 105 


6.2 Properties of Contraction 


Not every subset T’ C T yields a useful or even meaningful contraction on a net. We need 
to choose subsets with restrictions such that the contracted net preserves certain impor- 
tant properties of the original net. We will study the conditions under which contraction 
preserves live and safe-ness and the temporal relation on remaining transitions of a con- 
tracted net. Due to the level of complexity involved, we will consider separate cases for 


state machines, marked graphs and lastly, free-choice nets. 


In the following, let © = (P,T, F, Mo) be a LSFC net, &! = (P’,T", F’, Mj) = u/T"' be 
the T’-contracted net of £. First we introduce the notion of preservation of the temporal 


relation called tr-preserving. 


Definition 6.4 Let be a LSFC net satisfying the one-token SM restriction, and L! = 
u/T" be its T’-contracted net. Let tr = liUcoUcf and tr’ = li/Uco’Ucf" be the temporal 
relations in X and X’, respectively. Then the T’-contraction on X is tr-preserving iff 
lii Cli A co’Cco A cf’ Ccf. 


Note that this definition does not require that direct conflicts be preserved. The reason for 
this is related to the way one defines the boundary of a control circuit module, as explained 
in Chapter 5. 


Below, the condition for tr-preservation for state machines is derived. The removal of 
transition ¢, from a state machine will affect only two places: the input and output places 
of t., because in state machines each transition has exactly one input and one output place 


(Fig. 6.5). 


Lemma 6.5 Let 5 be a live-safe state machine, D' be its T’-contracted net, T’ = T — {t-}. 
Let {p;} = -t- and {p;} =t.-, then the T’-contraction on & is tr-preserving iff 
Ip-|=1 V [pl =1. 


This lemma essentially requires that the input place of the removed transition have exactly 


one output transition, or its output have exactly one input transition. If both places violate 


106 CHAPTER 6. DECOMPOSITION BY NET CONTRACTION 


this condition (Fig. 6.5a) then the removal of ¢, results in a net in which the temporal 
relation no longer preserves (Fig. 6.5b). 


Proof. First, note that since t, has only one input and one output place, the removal of t, 
results in merging these two places into a new one. Hence if © be a live-safe state machine 
then ©’ is also a live-safe state machine because L’ is strongly connected and contains 
exactly one token. 


(=>) Suppose that dt,,t; € T : py = {te,ti} A-p; = {te, t;} (Fig. 6.5), we show that 
li’ Z li and cf’ ¢ cf. 


If {t;,t;} € ef then there exists no simple cycle in D containing both t;,t;. In ©’, 
p; and p; are collapsed into p’ = {p,,p;} and we have (t;,p’),(p’,t;) € F’. Since D’ is 
strongly connected, there must be a simple cycle containing both t,,t;, ie. {t,;,t;} € li! or 
{t;,t;} ¢ cf’. Hence cf’ ¢ cf. 


If {t;,t;} € li then there exists a simple cycle in D containing both t;,t;. There must 
be a simple path II’ from p; to p; because & is live. Because t; and t; are contained in a 
simple cycle, there must be another simple path II from t; to t; which does not intersect 
II’: II and II’ form such a simple cycle (Fig. 6.5a). Let ¢(# ¢;) € II and ¢’(# t;) € TI’, then 
it is also true that {t,¢’} € li. In &’, p; and p; are collapsed into a new place p’ (Fig. 6.5b) 
and t,t’ no longer belong to the same simple cycle. Hence {t, t’'} € cf’, or {t,t} ¢ li’. So 
li’ ¢ li. Note further that a new firing sequence ...t;t;... is introduced in L’. 


(<=) It can be verified easily that if either p;- = {t,} or -p; = {t.} then the collapsing 
of p; and p; in a new place does not affect the relation between any two transitions. Thus 
li’ C li and cf’ C cf. a 


The condition for tr-preservation for marked graphs is more complicated due to the 
fact that every transition in a marked graph may have more than one input and output 
places. 


Lemma 6.6 Let © be a live-safe marked graph satisfying the one-token SM restrictson, 
XL’ be its T'-contracted net, T’ = T — {t.}. Then T’-contraction on & 1s tr-preserving iff 
Vt; € -(-t.), Vt; € (te-)-, there extst simple cycles 2, = t;p,t....t; and Q, = t;...tepjt; such 
that |Q3NQ2| > 1 (Fig. 6.6a). 
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Figure 6.5: Proof of Lemma 6.5. (a) A state machine ¥ with p,- = {t,,t;} and -p; = {t,, t;}. 
(b) The state machine ©’, resulted from collapsing p; and p; into p’. 


Essentially, the above lemma states that T’-contraction is tr-preserving iff there exists 
a pair of simple cycles—one containing t;,t., the other t;,t-—-which intersect at another 
transition different from t,. Fig. 6.6a shows a marked graph which violates this condition: 
the cycles 2; and Q, intersect at only one transition t,. In which case, the removal of ¢, 
creates a new simple cycle (Fig. 6.6b) which totally alters the temporal relation. Since 
places in a marked graphs are uniquely identified by their input and output transitions, in 
order to simplify notations in the following proof, we use the causal relation R as defined 
earlier. Recall that t;Rt; + dp € P: (t;, p), (p,t;) € F. 


Proof. For every t,t' # t., if {t,t’} € li then there exists a simple cycle containing both 
of them. Then it is easy to see that {t, t’} € li’ because contracting t, cannot remove any 
simple cycle from the net. Thus we only need to show that under the condition stated, 
co’ C co. 


First, note that C, = -t, and C, = t,: are p-cuts, and every t € -C, is ordered with at 
least one t’ € Cj, ie., {t, t’} € li. Hence, if {t;,t;} € co then Jt’ € C)-: {t,t’} € li and 
dt € -C, : {t,t;} € li. In other words, there exist simple cycles 21, M2 such that t;,t’ € 1 
and t,t; € Q2; Ni, N2 must intersect at t. (Fig. 6.6a). 


(=>) Suppose that 2302 = {t.}. Then in D’, the removal of t, introduces 1;R?’, 
t:Rt;, tRt' and tRt; (Fig. 6.6b). This introduces a new simple cycle ¢,t;...tt’...t;. Hence 
{t;,t;} ¢ co’. Note further that this cycle always contains two tokens; under the one-token 


SM restriction, this results in unsafe behaviors. 


(<=) Suppose that du € T:2,NQ2 = {t.,u}. Then in D’, even though the removal 
of t, still introduces t;Rt’, t;Rt;, tRt’ and tRt;, this only creates the non-simple cycle 
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(b) 


Figure 6.6: Proof of Lemma 6.6 (a) A marked graph © before contraction and (b) its 
contracted graph ©’. 


tit;...u...tt’...u...t;. Hence no new simple cycle is created and {t;,t;} € co’. | 
The following result comes immediately from the proof of the last lemmata. 


Corollary 6.7 Let & be a live-safe marked graph (or state machine) satisfying the one- 
token SM restriction, X’ be its T'-contracted net, T’ = T — {t.}. If T’-contraction on D is 
tr-preserving then >.’ ts also a live-safe marked graph (state machine). 


Using lemmata 6.5 and 6.6, we can derive the following conditions for tr-preservation 
for LSFC nets. 


Theorem 6.8 Let X be a LSFC net satisfying the one-token SM restriction, X' be tts T’- 
contracted net, T’ = T — {t.}. Then T’-contraction on & ts tr-preserving iff the following 


two conditions are true: 


(a) Vp; € -te: |pp-|=1 or Vp; Ete: |-p;| =1. 


(6) Vt; € -(-t.) Vt; € (te-)+ : there exist simple cycles Qy = tipite...t; and Q2 = t;... tep;t; 
such that |[Q)N.| > 1. 


Proof. (a) The proof for this part is similar to that of Lemma 6.5 for state machine, except 
that for LSFC net, |t.-| > 1 and |-¢,| > 1. According to Lemma 6.5, T’-contraction is not 
tr-preserving iff 

Ap; € -te, dp; € ter: [pi- | > LA|- pj] > 1. 
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Hence in order for cf’ C cf, the negation of the above statement must be true; in the case 
of LSFC nets, this yields (a). 


(b) The proof for this part is similar to that of Lemma 6.6 for marked graph. However, 
for LSFC net if {t;,t;} ¢ li, besides the possibility that {t;,t;} € co, one also has to 
consider the case of {t;,t;} € cf. However, in this latter case if condition (a) is satisfied 
then {t;,t;} € cf’. Furthermore, if {t;,t;} € cf then there exist two simple cycles 2; and 
Q2 which intersect at p;, t- and p;; hence |2;NQ3| > 1 and this is consistent with condition 
(b). i. 


The contraction being tr-preserving implies that local change due to the removal of t, 
does not affect the global structure of the net: no new simple cyle can result in Z’ due 
to contraction, and hence if a simple cycle in Ny contains a token, then it still contains a 
token in Ny:. This implies that the contracted net is also live-safe. 


The main result of this section is that if © is a LSFC net and ©’ is its contracted net 
such that the contraction is tr-preserving then ©’ is also live-safe. To prove this we first 
show the following lemma. In the sequel, we will denote the set of firing sequences of a net 
2D; by F'S;, that of a contracted net L! by FS}. 


Lemma 6.9 Let © be a LSFC net satisfying the one-token SM restriction, and 0! = 3/T’, 
where T’ = T — {t,} and T’-contractson is tr-preserving. Then for every SM-component 
iy of X, there exists a SM-component D} of &' such that D, = ¥,/T’ and FS = FS,{T", 


and vice versa. 


Proof. Note that a SM-component comprises of a set of simple cycles which intersect each 
other at places. 


We need to show that (1) for every SM-component ©, of 5, there exists a SM-component 
Xj of 2, such that X} = D)/T" and furthermore, FS; = F'S,[T’, and that (2) the contracted 
net &’ can have no more SM-components than L. If these two facts are true then the lemma 


is proven. 


Consider any SM-component 4, which contains ¢t,, then in D, there exists a simple 
cycle 2 containing t.. In 2, let p;,p; be the input and output place of t,, respectively. 
Since 5; is an SM-component, all transitions connected to p; and p; also belong to 2}. 
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Now, eliminate t, from ©. 


1. When ¢, is eliminated from the SM-component D1, every simple cycle containing 
t. gets contracted to a new one with ¢, removed and places p,,p; collapsed into a new 
place p’ = {p;,p;}. All transitions previously connected to p; and p;, except t., are now 
connected to p’ instead. Hence in the contracted net, every cycle in D, containing t, 
becomes a contracted cycle with ¢, removed, and other cycles in ©, which intersect at Pi 
and p; will now intersect at p’ instead. Thus in the contracted net there is a SM-component 
<x} which contains all transitions of £, except t.. By the definition of net contraction, we 
have ©} = L,/T". 


Since the contraction is tr-preserving, condition (b) of Lemma 6.8 guarantees that 
contraction does not create any “new” simple cycle in the contracted net D’ (new in the 
sense that it combines previous simple cycles containing concurrent transitions into a new 
cycle in which these transitions become ordered) and further, any cycle in © containing 
a token will contracts into a cycle containing a token also. Since the contracted SM- 
component Dj is composed of some of these contracted simple cycles, it is live-safe. Also 
since condition (a) of Lemma 6.8 is satisfied, FS] = F'S,[T’. 


2. Again, condition (b) of Lemma 6.8 guarantees that no “new” cycle is created in the 
contracted net &’. If such a new cycle were created then a new SM-component must exist 
in 5’, because every cycle is contained in some SM-component. Since no such new cycle is 
created by contraction, no new SM-component can result. This implies that the number 
of SM-components in the contracted net &’ can be no more than that in the original net 
bE. | 


The above result leads to the following theorem. 


Theorem 6.10 Let © be a LSFC net satisfying the one-token SM restriction, and L' = 


“/T" its contracted net,where T’-contraction is tr-preserving. Then D is also live-safe. 


Proof. Since the contraction is tr-preserving, according to Lemma 6.9, every SM-component 
of &’ contains one token each and together they cover £’. Hence according to Hack’s the- 
orem, D’ is live-safe. | 
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6.3. Decomposition by net contraction 


The significance of tr-preserving contractions is that it provides two alternatives for de- 
composing (by contraction) FA corresponding to reachability graphs of LSFC nets. On 
one hand, we could perform a desired contraction directly on a FA; on the other hand, we 
could contract a net and then generate a FA from the contracted net. It turns out the 
latter approach is almost always more efficient computationally. In case of nets being state 
machines, contraction on such nets and their FA amounts to the same operation. The 
reason it is more efficient than contracting a FA directly is that in a net, each transition 
is allowed to appear exactly once, whereas in a FA, each transition may appear several 
times. Hence removal of transitions from a net is much easier than removal of transitions 
from a FA. 


Theorem 6.11 Let = be a LSFC net satisfying the one-token SM restriction, D’ be tts 
T'-contracted net, T’ = T — {t.}. If T'-contraction on LD ts tr-preserving then 


FS(X‘) = FS(X)[T’ or equivalently $(5’) = &(2)/T". 


Proof. Ny and Ny are identical except for transition t., places in -t,Ut,- and arcs connected 
to these elements (see Fig. 6.7). Let t; denote a transition in -(-t.) and t; one in (f,-):. 
Then if o = o;t;t.t;02 is a firing sequence in F.S(X), both sequences o,t; and tjo2 must 
belong to FS(Z) and F'S(X’) because these sequences do not involve t,. 


Hence, in order to show that FS(Z’) = FS(X)[T’, we only need to establish the 
correspondence between every minimal length sequence t;t,t; in © with another ¢,t; in D’. 
Only minimal length sequences need be considered because any transition concurrent with 
t; can be fired before it, any transition concurrent with t; can be fired after it. Also, we 
need not be concerned with transitions t (4 t.) which are output transitions of places in 
-t. or input transitions of places in t,- (Fig. 6.7c); it can be easily verified that the removal 
of t. does not affect firing sequences containing t,t or tt;. 


Hence our task is to demonstrate the correspondence between t;t,¢; in 5 and ¢,t; in ©’. 
In X, some input places of t; comes from ¢,, some from other transitions; let this latter set 
of input places be P,(= -t; — ¢,-). Due to the FC hypothesis, there are no arcs between 
any places in P,; and t, (Fig. 6.7a). In &’, since places in P, are not connected to t, by any 
arcs, they remain the same; hence input places of t; come from P, and -t, x t.- (Fig. 6.7b). 
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(a) FS(X)[T’ C FS(x’) : We show that for every firing sequence M,[t;)M.[t.)M;,[t;) 
in ¥, there exists Mj{t;)Mj[t;) in D’. 


In X, M,[t;)M.[t-)M,[t;) is given: At marking M; all input places of t; are marked. 
Since the firing of t; leads to M,[t.), at M, every place in -t, — t;- must have been marked 
by the concurrent firing of transitions in -(-t, — t;-). The firing of t, leads to M;[t;); at M; 
all places in -t; are marked. Since the firing of ¢, marks only ¢,-, at M, all places in P, 
must have already been marked by the time t; fires; some of it may have been marked by 


the firing of some transition concurrent with t;, or even by ¢; itself. 


In ©’, let us construct Mj[t;)M/[t;): Let Mt’, M! be markings such that M/[t;)M}. We 
know that M/ exists because it is the same as M; except for places in -t, x t,-. Recall 
that Restriction 6.2 on net contraction states that none of the places in -t, x t,.- can be 
an input place to t;. Therefore, if t; is enabled in M,, it is also enabled in M}. The firing 
of t; at M/ marks -t, x t-- and possibly some of the previously unmarked places of P, (as 
explained above), so that all places of P, are marked. Therefore all input places of t; are 
marked, leading to Mj; at this marking, t; is enabled: Mj[{t;). We have thus constructed 
Mi{t;) Milt). 


(b) FS(X’) C FS(Z)[T’ : We show that for every firing sequence Mj[t;)Mj[t;) in X’ 
(where t; € -p’, t; € p’: for some p’ € -t, x t,-), one can construct M,[t;)M.[t-)M,[t;) in &. 


In D, since M;j[t;), at Mj all places in -t; are marked. We can break -t; into P, and 
P, = -t; — P;, the latter being a subset of -¢, x ¢.-. Then for every p' € P2, Mj(p’) = 1. 
Since only P2 is marked by the firing of t;, P; must have already been marked when ¢; fires. 


Now in ©, let us construct M;{t;)M.[te)M,[t;): Since p’ = {p;, p;} for some p; € -te, p; € 
t., in D there exists a marking M; under which p; is marked. Since p; is an output place 
of t., M; must result from the firing of t,. This implies the existence of another marking 
M, which enable t.. Thus at M, all places of -t, are marked, including p;. Therefore we 
must have a marking M,{t;) at which all places in -t, except p; are marked; since -t, is a 
p-cut, -t. — {p;} can be marked before p; by those transitions concurrent with t;. Thus we 
have constructed M,[t;)M,[t-)M,[t;). | 


The preceding results suggest the following method of abstraction for LSFC nets. Sup- 
pose we are interested in the behavior of a subset of transitions U C T of LSFC net 2. 
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Figure 6.7: Proof of Theorem 6.11 (a) The part of a free-choice net where contraction will 
occur and (b) its contracted net. (c) Cases which need not be considered. 


Then we choose the smallest subset T’ such that U C T’ C T and T’-contraction on © is 
tr-preserving. Then the T’-contracted FA of 5, 6(=)/T7", is guaranteed to be identical to 
the FA of the contracted net D’ = £/T". 


Below, we develop one major result for this chapter concerning the behavioral equiv- 
alence of a LSFC net & and a set of contracted nets of 5. We will adopt the following 
notational convention: (i) for a net D, its set of firing sequences is denoted by FS, its 
causal relation by R; similarly, (ii) for a SM-component D;, they are F'S; and R;; finally, 
(iii) for a contracted net Li, they are FS‘ and Ri. 


Theorem 6.12 Let © = (P,T,F,Mo) be a LSFC net satisfying the one-token SM restric- 
tion, and {X},55,...,U),} be a set of contracted nets of £, where Li, = O/Tj, Tj} CT, for 
l1<jgm. 


Forl1 <j < m, tf (i) Tj-contraction ts tr-preserving and (ii) the union of causal 
relations Ri; covers R, i.e. U; Ri D R, then 


FS = FS! || FS%||...|] FS‘. 


The example in Fig. 6.8 illustrates this theorem. The top leftmost net is a LSFC net © 
which is a marked graph. Also for convenience, we use the graphical abbreviation for STGs 
to show this net. The rest of the top row contains three SM-components {Z1, D2, 23}, while 
the rest of the left column contains two contracted nets of Z: {5}, 23}. In the contracted 
nets, solid arcs corresponding to part of the causal relation which are present in the original 
net 3; the union of these solid arcs “cover” all arcs in 5. The dashed arcs in the contracted 
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nets represent members of the causal relation which have no correspondence in D. Also, 


both contractions are tr-preserving. 


The above theorem states that the set of firing sequences of ¥ is the identical to one 
obtained by weaving sets of firing sequences of the contracted nets {4}, U4}. 


The significance of this theorem is that it allows net to be decomposed into smaller 
nets in any arbitrary way, and each can be used for the purpose of synthesis or analysis. If 
the conditions stated in the theorem are met, then the behavior of the original net can be 
obtained by concurrently composing (weaving) the behavior of the smaller nets. Since we 
have shown that for LSFC nets, every set of firing sequences F'S has an equivalent finite 
automaton ®, the above theorem implies that 


& = O; || 2 ||... || O.. 


Proof of Theorem 6.12. Let {X1, D2,..., Un} be the set of all SM-components of D. Ac- 
cording to Theorem 3.8, the weave of sets of firing sequences of the SM-components gives 
the set of firing sequences of the net, i.e., 


FS = FS, || FS: ||...|| FSn. 


Hence, every contracted net Li (1 < 7 < m) can be decomposed into n not necessarily 
distinct SM-components {Xi ;}, 1 <i <n such that 
FS; = FS}, || FSj2 |---|] P Spas 


’ 


where F'S;; denotes the set of firing sequences of ;. (This is illustrated in Fig. 6.8, 
where a contracted net in each row of the first column is decomposed into SM-components 
shown in other columns to its right. Note that even though some of the SM-components 
are the same, we list them separately to show that they are contracted version of the 
SM-components on the first row, according to Lemma 6.9.) 


As indicated above, according to Lemma 6.9, for every SM-component ©; ; of the con- 
tracted net 4, there exists a SM-component &; of D such that Li; = U,/Tj. It is easy 
to see that if the union of arcs in {L‘} cover © (U; R; 2 R), then arcs in {Z/ ;} cover the 
SM-component &,: U; Rj; 2 R;. In order to proceed with the rest of the proof, we need 
the following 
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Figure 6.8: An example to illustrate the proof of Theorem 6.12. The first row contains a 
LSFC net © on the leftmost column, and three SM-components 5, 2, £3. Below the first 
column are two contracted nets 4, 5. 
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Proposition 6.13 For every SM-component X=; as defined in the previous paragraph: 
FS; = FS}; || FS}, ||---l| FSi4, where FS‘; denotes the set of firing sequences of the 
contracted SM-component &.; = L;/Tj, as defined in the previous paragraph. 


By replacing the right-hand side of the above equation for each F'S; in the equation 
for FS, and using the fact that weaving is associative and commutative, we obtain the 
following expression for F'S: (the terms in this expression have been rearranged such that 
each column 7 contains sets of firing sequences of the contracted nets of the SM-component 


5). 


FS = FS |---| FS | -- P PSn 
= FS, |l--- ll FS de d FSi. ll 
FS tee Wl FSa5 0 Wee Wl PSon 
FSi, (le  PSje 0 Ile I PSS, 

FSina lle PS Mle I PStan 


Notice that according to Proposition 6.13, each row j yields the set of firing sequences of 
the contracted net X'. Hence 


FS = FS'||...|| FS |...|| FS%,. 


Proof of Proposition 6.13. The proof is carried out for the case with two contracted nets: 
let & be a LS state machine and L} = &/T/, U3 = £/T be its contracted nets such that 
the contractions are tr-preserving and R, U Ri D R (an example is given in Fig. 6.9). 
Let the sets of firing sequence of Z, Xj and “4 be FS, F'S{ and FS}, respectively. For 
convenience, let FS = { 0; }, FS] = { y } and FS} = { 8; }. Since the contractions 
are tr-preserving, according to Theorem 6.11, we have FS} = FS/Tj and FS} = FS/Tj, 
implying that for every sequence o; € F'S, there exist one sequence 7; € FS} and another 
8; € FS} such that ¥; = o;/Tj, 8; = o;[Tj. (For example, in Fig. 6.9, for 0; = abcf, there 
exist 7, = abcf and f, = acf; for o2 = adef, there exist 7. = adf and B, = adef). 


Since these nets are SMs, if sequence t,t2...t, € FS then (t;,tj41) € Rforl <i<n, 


and vice versa. Therefore if the causal relations Rj, R, cover R, then the above sequences 


6.3. DECOMPOSITION BY NET CONTRACTION 117 


b d b d 
v ¢ v / 
c é ¢ / 
Bio Re; 
f f 
A LS state machine Its contracted nets 


Figure 6.9: An example illustrating the weave of two contracted nets of a live-safe state 
machine. 


, and B; “cover” +;, that is ¥,||@; = o;.1 
x x %: 


Take any two firing sequences which do not correspond to part of the same simple 
cycle in 4. Since © is a state machine, they represent choices in 5. Then these two 
sequences correspond to part of two distinct cycles 2; and 0; which intersect, as indicated 
in Fig. 6.10. Let o; and o; denote their firing sequences, respectively. Let X = (9;|0;), 
this is a set which can be constructed for any two sequences representing choices in D. 


Since the contractions are tr-preserving, in D4 and Dj respectively, one can construct 
X1 = (yil7;) and X2 = (6;|8;), where +,, 6; are defined in the first paragraph of the proof 
(see Fig 6.10). If we can show that X = X,||X2, then it follows that FS = F'S{||F'S}. 


X1||X2 {oe€T"|o[T, € {yi 75} A o[T, € {Bi, Bs} } 
{o€T* | (o[T = 7% V o[T; = 93) A (6 [Ts = BV o[T = 85) } 
= {c7€T | (o[T = Ao[T, = Bi) V (o[T] = 75 Ao[T = B;) 
V(o[Ty = % A o[T; = B;) V (o[T; = 75 Ao[Tz = Bi) } 
= {c€T*|(o[T7=y%Ao[T, = 6) V (fT) = yA o[T; = B;) }U 
{oe T | (o[T]=%Ao[T, = 6) V (o[T] = 74 Ne[T2 = Bi) } 


= {o,,0;} U {f}={o,0; } =X. 


lt is more correct to write {7;}||{fi} = {o;} instead; however the above simplified notations are used for 
the sake of clarity. 
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Figure 6.10: Proof of Proposition 6.13. 


In the last line above, we need to show that 
{oeT | (o[T, =7%A0[T, = 83) V (6[T = 4 Ao[T, = Bi) } = th. 


Let Y¥ ={o €T*| (ofT] = y%Ao[T; = 83) }and Z={o0 €T* | (o[Tj = yjAo[T; = fi) }- 
Below we show that Y = {}; exactly the same technique can be used to show that Z = {}. 


First, note that since 2, and Q, are two distinct intersecting cycles, there must exist 
some t which belongs to both cycles, some t, which belongs solely to 1, and and some ?t2 
which belongs solely to 2, as indicated in Fig. 6.10. Furthermore, the conditions that (i) 
contractions are tr-preserving and (ii) Rj U Ri covers R together imply that there exist 
such t,t,,t2 which belong to both Dj and Lj (see Fig. 6.10): Condition (i) indicates that 
the structure of the net is preserved. Recall from Lemma 6.5 that it is illegal to remove 
all transitions on either branch of the contracted nets, therefore there must be some fj, tz 
which remain in the left and right branches of the contracted nets. Condition (ii) implies 
that there must exist such t), t2 which belong to both contracted nets: if no such tj, t2 exist, 
Ri U Ri does not cover R. Therefore, we have (i) {t,t,,t2} C JT] Tj and (ii) sequences 
Wi = eeticetyoy Bp Seeteetyen. 


From the definition of Y: o € Y => of[T] = ¥Ao[TZ = 8. From (i) and (ii), it 
follows that 


o[{t, ty, to} =...tt... and of{t, ti, te} =...tte.. . 


Clearly both equalities cannot hold simultaneously and hence, no such sequence o can 
exist, thus implying that Y = {}. | 
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6.4 Application to Signal Transition Graphs 


Given a STG, one can derive from it a state graph by following the procedure outlined 
in a previous chapter. In order for the implementation obtained from the state graph to 
be deadlock-free and hazard-free, the STG specification is required to satisfy liveness and 
persistency. As discussed earlier, from the state graph, one can proceed to implementation 
by determining the network function which consists of a set of logic functions, one for each 
signal. The logic function of a signal can be obtained by determining, for every state in 
the state graph, the implied value of that signal; the logic function is precisely the set of 
all implied values of a signal. 


There is a better alternative to the approach outlined above, being that of decompo- 
sition. In contrast to other decomposition methods such as those applied to the FSM 
model, a very simple alternative exists for state graphs derived from STGs. This alternate 
decomposition technique uses the causal relation in the STG to decompose its state graph, 
as described below. 


Let Sy be a STG and ©, its state graph, both defined on a set of signals J which 
can be partitioned into J = J; U Jy U Jo—the sets of input, internal and output signals, 
respectively. For every signal i € J, the input set of 1, denoted by I(i), is defined as 


I(t) 


{7 € J | j.Ri.} 
{j€J|j,Ri, V jp Ri V j_Riy V j_Ri_} 


where FR is the causal relation in Ly (In Chapter 5, we have provided the justification for 
relating this subset j,i, of the causal relation to the set of input of +). Thus J(#) is the 


set of signals whose transitions cause transitions of signal 1. 


Since in Ly, I(t) constitutes the set of signals whose transitions cause those of i, the 
logic element 1 can be implemented as a logic function with one output variable ¢ and 
input variables in J(i). Since input signals are given, we need be concerned only with the 
implementation of non-input signals, i.e. those in Jy; = Jn U Jo. Thus a straightforward 
decomposition algorithm for state graphs consist of the following steps. 


Algorithm 6.14 (Decomposition of state graphs) Let Ly be a STG and Gy be its 
state graphs. For every non-input signal i € Jnz, let J'(t) = {i} UI(t) and T(t) = 
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J'(t) x {+,—}. The set of decomposed state graphs of By ts given by 
{ (i) |4 € Jnr }, 


where ®'(t) = @;/T’(t), the T’(z)-contracted state graph of ®,. 


It is easy to see that if that if the STG has a consistent state assignment, then so do the 
contracted state graphs obtained from the above algorithm. This is due to the fact that in 
a state graph, if a transition t is removed, then so is ¢ as they are transitions of the same 
signal. Thus in every cycle in a state graph, every remaining pair of transitions 2,Z still 


alternate. Thus, 


Lemma 6.15 Let ®; be a state graph and { '(i) } its set of contracted state graphs, as 
defined above. Then if ®; has a consistent state assignment, every ®'(7) has a consistent 


state assignment. 


Based on the results developed in the previous section, there is a better way to de- 
termine the contracted state graphs. This is carried out by not performing contraction 
directly on the state graph ®,;, but by first obtaining contracted nets from the STG Dy. 
These will produce the same contracted state graphs if contractions on nets preserve the 
temporal relation. Hence, the following decomposition algorithm based on net contraction 


is more efficient. 


Algorithm 6.16 (Decomposition by net contraction) Let 5; = (P,T,F,Mo) and 
®; = (S,T,6,39) be a STG and its state graph. For every non-input signal i € Jnz, 
let 

J'(i) = {t} UI(z) and T'(t) = J'(z) x {+, -}. 
Then the set of contracted state graphs { ®'(i)|71 € Jn; } can be obtained as follows. For 
te Jn; 


(a) Determine U'(i) = Uy /T"(t) and its state graph (5'(z)). 


(b) If T'(t)-contraction ts tr-preserving then (2) is identically &(Z'(¢)). Otherwise, add 
appropriate signals from j € J — J'(i) to J'(i) such that the resulting contraction 


becomes tr-preserving. Then perform step (a) again. 
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An important note. Ina contracted net &’(7) (defined over the subset of signals J'(7) = 
{t} U I(2)) we consider ¢ as the only output signal, all signals in I(z) are input. Hence in 
u(t), I(t) x {+, —} constitutes the set of transitions of input signals, while {7;,:_} the set 
of transitions of output signals. This fact has important implication concerning persistency 
of contracted nets: in a contracted net for signal 1, we only need to verify the persistency 
of transitions of « but not those of I(z) as the latter are assumed to be persistent. Their 
persistency must be guaranteed by other contracted nets which represent other part of the 
control circuit. An example illustrating this point can be found in Chapter 7. 


Chapter 7 


A Design Example 


As mentioned in Chapter 1, we advocate the use of STGs as a tool for specification and di- 
rect realization of distributed control modules which form the control structure of a system 
organized around the distributed control principle. We have been able to provide some real 
proofs of our approach by using STGs in the design of complete concurrent VLSI systems. 
These include a self-timed packet router with a maximum measured throughput rate of 22 
Mbytes/sec [10] and a self-timed FIFO queue with a novel distributed organization and a 
measured throughput rate of 4 Mbytes/sec [9]. 


In this chapter, we stress another application area of asynchronous self-timed logic 
which is more conventional than the distributed organization proposed above. As an 
example, we examine the design of a self-timed controller for an A-to-D converter. First, 
this example serves to demonstrate that STGs can be useful for designing asynchronous 
logic in general, and secondly it is sufficiently complex to highlight most of the important 
and interesting features of our synthesis approach. This design was first published in [8]. 


Asynchronous control logic has found applications mostly in areas where the system 
inputs are inherently asynchronous. Some examples are vision VLSI systems [48] and 
interface circuits to asynchronous peripheral devices such as a disk drive. In these systems, 
asynchronous control circuits provide a modular interface which greatly facilitates system 
integration. In other cases, asynchronous circuits are almost indispensable and provides 
the highest operation rate possible; these include timing chains in dynamic and static 
memory devices [54] and even those used in synchronous microprocessors to generate extra 
cycles [22]. Given its usefulness, asynchronous logic has not been popular because of the 
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difficulties in its design and maintenance. In Chapter 1, several well-known problems with 
the Finite State Machine model and its implementation of asynchronous circuits have been 
summarized. 


This chapter is organized as follows. In Section 1, we briefly compare different design 
alternatives for A/D converters and discuss the advantage of one with self-timed operation. 
The behavior of the self-timed controller for the A/D converter is then presented and the 
construction of a STG specification is described. In Section 2, the synthesis procedure and 
implementation of the controller are discussed in detail. Finally, Section 3 provides a few 


remarks on the use of STGs for direct synthesis of control circuits. 


7.1 Specification of the Controller 


A/D converters are subject to synchronizer failure because they make use of amplifiers 
as comparators; these are either high-gain or regenerative bistable amplifiers. When the 
input voltage vin is close to the reference voltage v,es (Fig. 7.1), the response time of 
the comparator becomes unbounded and its output may take an unbounded amount of 
time to settle at a valid voltage level (0 or 1). This type of failure has been observed in 
commercial A/D converters [50]. The synchronizer problem has been studied extensively, 
and it is well-known that if the circuit is required to produce a valid output within a 
certain time then there is a finite probability P that the output will be invalid at that 
time [13]. P decreases exponentially as the time allowed for the synchronizer to resolve 
is increased. For an N-bit converter using regenerative comparators, the analysis in [21] 
gives the following lower bounds on the worst-case conversion time Tyco in terms of the 
fault probability P. For flash converters, Two > N 1n2—I1nP, where Twc is normalized to 
some time constant of the comparator. For clocked successive approximation converters, 
Twc > N(N1n2-—- InP), simply because they take N steps to perform one conversion. 
For self-timed successive approximation converters, not all conversion steps are marginally 
close to the reference voltage, hence some conversions will be fast and some slow. As shown 
in [21], the self-timed successive approximation converter becomes significantly faster than 


clocked successive-approximation converters for very low P and large N. 
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ea 


Figure 7.1: Block diagram of the successive-approximation A/D converter. 


7.1.1 Behavior Specification 


The block diagram of the successive approximation A/D converter is shown in Figure 7.1. 
The comparator senses the difference between the input voltage vi, and the reference 
voltage v,-¢ and produces a 1-bit result. The comparator has a control input Z, which 
balances it at the beginning of each conversion when Z, makes a 0-to-1 transition, and 
initiates a comparison when Z, makes a 1-to-0 transition. It also has a mutual-exclusion 
(m.e.) circuit [32] whose output is active (=1) only when the comparator output is valid. 
This circuit is required because the comparison time is a function of the difference between 
the input voltage and the reference voltage; the smaller the difference, the longer the time 
it takes for the comparator to decide. This is the familiar phenomenon due to metastability 
[13]. 


The latch and the combinational logic form a finite state machine performing the suc- 
cessive approximation algorithm. Note that this machine operates in pulse mode, a mode 
of operation different from that of the self-timed controller we are synthesizing. Due to 
the fact that this machine performs many data-dependent operations, it is more economi- 
cal and straight-forward to implement it in pulse mode instead of as a standard Huffman 
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asynchronous state machine. Data are latched on the rising transition of signal L, and 
held in the latch after L, goes low. Signal Z, goes high as soon as data are latched, and 
goes low shortly after L, goes low. The reset input of the latch is controlled by signal Req, 
so that when Reg is low, outputs of the latch are reset to the appropriate initial values. 
Signal LB is the Last-Btt signal which goes high when the converter has determined the 
last bit of the digital word. The D/A converter at the right of the diagram accepts the 
digital word produced by the state machine and generates the analog voltage v,-z. The 
combined delay of the combinational logic and the D/A converter is matched by some 
delay circuit from D, to D,. While it is possible to accomplish this timing constraint in 
a speed-independent manner using dual rail coding [32], a simple delay circuit is more 
justifiable from an engineering standpoint. 


Initially, the state of the system is 
Req=Ack= 2, = 2, =i, = L¢=0,D-= D,=1. 


Since Reg = 0, the latch is initialized with LB = 0. Thus, the and-gate whose input is Req 
is enabled and the and-gate whose output is Ack is disabled. When Reg is raised, Z, will 
go high and initiate a cycle of the successive-approximation algorithm. After each cycle, 
D, will restart another cycle by causing Z, to go high again. This is repeated until LB 
becomes high during the last cycle. This will cause Ack to be raised instead of Z, when 
D, goes high. After that, Req drops in response to Ack, resetting LB and in turns Ack to 
low. At this point the circuit returns to its initial configuration for the next conversion. 


7.1.2 STG specifications 


A Signal Transition Graph describing the operation of the self-timed controller is shown 
in Fig. 7.2. Since the circuit operation is totally deterministic, i.e. there is no data- 
dependent operation, no places are drawn explicitly. The arcs represent the causal relation 
R discussed earlier. In this chapter, we will use aRb and a — 6b interchangeably in order 
to improve readability. Intuitively, aRb (a causes 6) can be understood as as a timing or 


sequencing constraint between occurrences of two signal transitions. 


The two bold arcs in Fig. 7.2 are not part of the sequencing requirement of the circuit 
and they can be ignored for the moment; they are persistency constraints added to the 
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Figure 7.2: A STG specification of the self-timed controller. 


STG to ensure persistency, as discussed in Chapters 2 and 5. There are two subtle timing 
constraints required for the correct coordination of data and control signals: The constraint 
L,. — Z,4 guarantees that the gating signal of the latch is turned off before the comparator 
changes its output value, so that there is no possibility of latching the comparator output 
while it is changing. The constraint D,, — Z,4 ensures that a comparison is initiated 
only after a new value of v;ez is available (as signified by D, going high)." 


Finally, transitions D,._, D,., L,. and Z,— in Fig. 7.2 are simply reset transitions of 
the reset signaling handshake protocol [32]. For the control circuit which we specify, event 
occurrences are signaled over control links, using the reset signaling protocol. Usually, an 
occurrence of an event is signaled by a positive transition on the ready wire of the control 
link; its acknowledgment is signaled by a positive transition on the acknowledge wire of 
the control link. The signals on these links are then reset through negative transitions 
before the occurrence of the next event can be signaled. In this communication discipline, 
a transition on the acknowledge wire can only occur in response to a transition on the 
ready wire and vice versa. As discussed in Chapter 4, for an input link {J,, J,} where I, is 
an input ready and J, an output acknowledge, this communication interface to the external 
~ 1A specification with more concurrency can be obtained by requiring only D.4 — Z,—, thus allowing the 


comparator to be balanced while a new v,.; is evaluated. However, we will use this specification with less 
concurrency to illustrate the design procedure. 
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world is specified in a STG by the pair of constraints {I,_ — I,4,1a4 — I,-}. Similarly 
for an output link {O,,O,} where O, is an output ready and O, an input acknowledge, its 
corresponding set of constraints is {O,; — O.4,0,- — Og_}. These interface constraints 
are an example of our design rules described in Section 4.3 which states that in a STG, 
every transition of an input signal has exactly one transition which directly precedes it, 
and this transition must be that of an output signal. Transitions of input signals to the 
circuit are underlined to distinguish them from those of non-input signals. This reflects 
the fact that transitions of input signals are generated externally, whereas non-input ones 
are generated internally by the circuit. 


7.2 Synthesis from STG Specification 


The STG specification of the controller in Fig. 7.2 is a concise description of its operation 
based on the causal relation between signal transitions in the circuit. In order to obtain 
a logic implementation of the circuit from this specification, it must be ensured that the 
STG specification satisfies liveness and persistency. Liveness of the STG implies that its 
state graph is strongly connected and has a consistent state assignment, hence the circuit 
realization is free from deadlock. Persistency implies that the circuit realization is hazard- 
free. To summarize, the synthesis procedure from a STG specification consists of the 


following steps: 


(a) Meeting liveness and persistency. Checking for the state assignment problem and 
introducing internal signals if required. 
(b) Decomposing the STG into contracted nets and obtaining their state graphs. 
(c) Determining the logic equation for every non-input signal from its state graph. 


7.2.1 Meeting liveness and persistency 


It is easy to verify that the STG specification of the control circuit (Fig. 7.2) satisfies the 
liveness conditions: it is strongly connected and for every transition ¢, there exists a simple 
cycle containing both ¢ and ¢. The second condition also indicates that the state graph 
has a consistent state assignment. 
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One can view the construction of a STG from a control circuit’s behavior as a specifi- 
cation of the presence or absence of sequencing constraints between control events. Such a 
preliminary specification will usually contain non-persistent transitions due to interactions 
between concurrent signal transitions, as discussed in Chapter 5. The addition of per- 
sistency constraints essentially serve to limit the allowed transition sequences to a subset 
of the original set such that none can produce non-persistent behavior. Sometimes the 
original specification may need to be altered slightly for persistency to be satisfied. 


Without the bold arcs, in the above STG, transitions D,, and Z,, are non-persistent 

since the following conditions are true (Theorem 5.5): 

(a) Loy + D,4 and {La.,D,4} € co, 

(b) Day _ Lot and {D,-, Z,+} E co. 
To eliminate non-persistency in case (a), we have to add the persistency constraint D,, —+, 
L,.. This condition can be satisfied by introducing the bold arc D,, — L,_. In this case, 
we cannot use the arc D,, — [,_ because Z, is an input signal to the control circuit, and 
as mentioned earlier, its transition is allowed to have exactly one predecessor. 


In case (b), arc Z,4 — D,_ could be used to satisfy the persistency constraint Z,, —+, 
D,- which will ensure the persistency of Z,,. However, this arc would necessitate the 
addition of another arc D,._ -—+ Z,_ to guarantee the persistency of D,_. Instead of 
using this pair of arcs, we chose the bold arc Z,. —+ D, . which also satisfies the above 
persistency constraint. This example shows that there is more than one choice for satisfying 
the persistency constraints; hence, may help the designer make the best choice. 


With the addition of these new arcs, some of the sequencing constraints become re- 
dundant. For instance, the constraint L,, — L,_ is already satisfied by the existing pair 
La+ — D,4 and D,, — L,-. One can thus modify the specification by removing these 
redundant constraints. Two redundant constraints L,, — L,. and D,,; — D,. can be 
removed from Fig. 7.2 to produce the STG of Fig. 7.3a. 


At this point, we have modified the original specification to produce a STG which 
satisfies liveness and persistency as part of the sequencing requirement. We also need to 
check for the possibility of non-persistency due to state assignments. In Fig. 7.3a, one 
can immediately detect an R-path (Z,4,, Z.4, Z--, Za-) which results in a state-assignment 
which exhibits non-persistency. Intuitively, in the absence of any other intervening tran- 
sition, consecutive rising and falling transitions of Z, and Z, take the circuit back to the 
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same state. More specifically, there are two p-cuts 


C, 7 {(Dat, Z,+), (L,-, Z,+), (L,-,La-)}, 
C; = {(Za_,Lr4), (Z,_,D,-), (L,_, L,-)} 


as indicated by the dashed arcs in Fig. 7.3a such that (C,,C)] forms a complementary set. 


Since Z,4 satisfies the conditions of Lemma 5.8: 
Zr E(Ch + Ch) :(-2-4) CO Cy A Zp4 ¢ Tr, 


Z,+ is non-persistent. This is illustrated in Fig. 7.3b, the binary representations of both 
M and M' are 000111, where M and M’ are markings corresponding to p-cuts C, and C}, 
respectively. Starting from M, the firing sequence Z,,2Z,,Z,_Z,- leads to marking M' 
at which, in addition to Z,_ being enabled, Z,, is also enabled. This gives rise to non- 
persistency of Z,4. On the other hand, note that even though Z,~ satisfies the conditions 
of Lemma 5.7, it can be assumed to be persistent because it is a transition of an input 
signal. 


As mentioned earlier, in order to eliminate non-persistency due to state assignment, one 
can introduce an additional internal signal to permit the distinction between the binary 
representations of markings M and M’. Thus, one could introduce a signal z, and insert 
a transition of z, e.g. 24, into the middle of the R-path (Z,4,Z.4,Z,-, Za_) to obtain 
(2,4, Zot, 74, Zp, Za_). This in effect removes all complementary sets formed by distinct 
p-cuts from the STG. In order to ensure liveness of the modified STG, one has to determine 
a place to insert z_ as well. However, to carry this task out effectively, we need to consider 
the next synthesis step of decomposition. 


As outlined above, we can decompose the STG into a number of contracted nets and 
then determine their state graphs. Clearly, one could take the alternative approach of 
deriving the state graph directly from the STG (with the addition of signal z) and de- 
termining logic equations from it. However, this would involve a total of seven signals, 
and every state will be a binary representation of the set (Z,, Z,, L,, La, D,, Da,z). With- 
out decomposition, at worst, the logic equation of any non-input signal Z,,L,,D, or x 
may depend on all seven variables. Obviously, this is grossly inefficient. The alternative 
approach of decomposition can be carried out in a straightforward manner by using the 
causal relation R to produce an efficient implementation, as discussed below. 
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Figure 7.3: (a) The original STG specification with persistency constraints added. (b) Its 
state graph indicates that there exist markings M sad M’ with identical state assignments, 
which cause Z,, to be non-persistent. 
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001 


Figure 7.4: (a) The contracted net of D, derived from the STG in Fig. 6.3a. (b) State 
graph of the contracted net in (a). 


7.2.2 Implementation using decomposition 


We apply the synthesis procedure as outlined earlier to produce a circuit, starting from 
the STG in Fig. 7.3a. It will be demonstrated that when this STG is decomposed into 
reduced graphs, the state graph of one of them is non-persistent due to the lack of state 
information. As suggested earlier, this requires the addition of an internal signal z to the 
STG specification. In the following presentation, the synthesis procedure will consist of 


two passes, with the latter producing the final circuit implementation. 


First Pass. Fig. 7.3a shows that L,, D,,Z, are input signals to the circuit, while the rest 
are non-input signals whose logic equations are to be determined. The STG in this figure 
has three non-input signals D,, L,,Z,, and their input sets are J (D,) = {L,,2Z,}, 1(2,) = 
{D,, Da, Za} and I(Z,) = {L,, Da, Za}. 


The contracted net of D, (denoted by &'(D,)) and its state graph are shown in Fig. 7.4; 
each vertex in the state graph is a binary vector representing signals in the set (Z,, Z,, D,). 
From state s3 = 001, the consecutive occurrences of Z,, and Z,_ take the circuit to state 
011 and then back to 001. (A similar case occurs starting from state 101.) Correspondingly, 
in the contracted net of D,, there is an R-path of consecutive transitions of signal Z, which 


pet 
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directly precedes the output transition D,: (Z,4,Z,-,D,—). According to this state graph, 
logic element D, is implemented such that whenever it is in state s,;, it will cause transition 
D,~ to occur. However, the state assignment results in s3 = ss. Hence, whenever the circuit 
is in either state, both transitions Z,, and D,. are enabled. In which case, the transition 
sequence D,,I,.D,_ may take place instead of the correct sequence D,4I4_2Z,42,-D,-, 
and the circuit malfunctions. Moreover, transition D,_ is non-persistent because while it 
is enabled in state 33, the occurrence of Z,4 brings the circuit to state 34 in which D,_ is 
no longer enabled. 


The problem in this situation arises from the fact that it is impossible for the circuit 
to distinguish that s3 and s5 are supposedly different. In order to modify them into 
distinguishable binary states, we add another signal called z into the circuit. Since this 
problem shows up in the contracted net of D, as a pair of consecutive transitions of the 
same signal Z,, a transition of z, say 2, is inserted between them. This requires that 
z.. also be added to preserve liveness. The contracted net D, indicates that z_ must not 
be inserted (i) between the pair (D,,,2Z,4) or (Z,_,D,—) because this only produces the 
same problem but with two pairs of consecutive transitions of the same signals, (ii) into 
the R-path (D,4, L.-,D,—) because this makes x, and z_ concurrent and thus violates 
both liveness and persistency. Hence z_ must be inserted into the R-path (D,_, L,,, Da. 
Considering the STG of Fig. 7.3a, this means that r_ must be inserted into the path 
(D,-, Da-, Lr+, La4,D,4). Furthermore, since transitions of input signals D,,L, and Z, 
can have only one incident arcs coming from transitions of their corresponding request 
signals D,,L, and Z,, x. cannot be inserted in front of these transitions. Thus z_ can 
be inserted between (D,_, L,,) as shown in Fig. 7.5, or between (L,4, D,4). In this latest 
specification, zr; does not directly precede transitions of signal D,; however it must be 
used as an input to logic element D, to eliminate hazards at signal D,. 


Finally, note that transition z_ can also be inserted between (Z,4, D,4) in the STG in 
Fig. 7.3a. This would result in another STG specification which yields a slightly different 
implementation of the circuit. This fact indicates that the implementation is sensitive to 
the particular form of the STG, which is understandable because the state graphs extracted 
from STGs are unique state-based representations of the behavior of a circuit. 
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Figure 7.5: (a) The final STG with the addition of signal z. (b) Contracted nets for 


non-input signals Z,, L,, D, and z. (c) Structure of the corresponding circuit. 
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Second Pass. The STG in Fig. 7.5a shows that there are four non-input signals D,, L,, Z, 


and z, with input sets 
I(L,)={D,, Za, t} 
I(Z,) ={L,, D,,; x} 
I(x) ={Z,, Da} 
I(D,)={La, Z,, x}. 


The input set I(D,) contains signal z due to the reason just described. The contracted 
nets of D,, Z,, Z, and z are shown in Fig. 7.5b. At this point, we obtain the structure of 
the circuit using the input/output information of the constituent logic elements, as shown 
in Fig. 7.5c. 


The final step in the synthesis process is to derive logic equations from contracted nets. 
This step is illustrated for signals Z, and z. From the contracted net of Z, (reproduced 
in Fig. 7.6a), one can derive its state graph (Fig. 7.6b) with states representing signals in 
(L,, Da, z, Z,). 


The state graph can be transferred to a type of K-map called transition map; the 
transition map of signal Z, is shown in Fig. 7.6c. Each entry in this map corresponds to a 
state, which is a binary representation of the signals (L,,D,,2,Z,); arcs between entries 
are simply transitions between states as given by the state graph. A K-map for Z, can be 
obtained by replacing each entry (corresponding to a state) in the transition map with its 
implied value for Z,, as discussion in Chapter 4 (Fig. 7.6d). For example, in state 0111, 
the implied value of Z, is 0, thus this entry in the transition map is replaced by a 0. The 
logic equation of Z, can be found from this K-map to be 


Z,=L,D,E. 


Lastly, note that in the contracted net of Z,, there is an R-path (Z,4,Z,-). However, in 
contrast to the previous case, it does not cause non-persistency. Its state graph (Fig. 7.6b 
shows that from state 0000, the firing sequence L,,Z,_ leads back to state 0000. Thus 
both L,, and D,4 are enabled in state 0000; however, since they are considered as inputs 
to logic element Z,, they can be assumed to be persistent. The persistency of L,, and 
D,+ has to be guaranteed by logic elements L, and D,, respectively. 


In a state graph for an output signal 2, it is often the case that a certain state s has 


more than one next-state. Hence we need to choose one for its implied value. Suppose 
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Figure 7.6: Steps in the transformation from a contracted net to the logic equation for 
signal Z,. 


that transitions t; and t2 are enabled in s, leading to next-states 3s, and s2, respectively. 
As described in Chapter 2, there are two cases: 


e If neither t;, ¢2 is a transition of signal i (t,, t2 # %,), then s;(7) = s2(7). In this case, 
the implied value of s is unique. K-map entry corresponding to s is entered with this 
unique value s,(7). 

e If either ¢; or t2 is a transition of i, for instance, 4; = t, and t2 # i,, then s(t) # 
$2(7) = s(t)”. In this case, the next-state value of s is not unique. However, we 
require that the K-map entry corresponding to s be entered with 31(#), the implied 
value which results from the transition of signal i itself. If furthermore, ¢, is also 
enabled in state 52, then ¢, is persistent and no hazard results. Otherwise, t, is 
non-persistent and the circuit has hazards. Note, however, that this will not happen 
if the STG is persistent. 


In the state graph of z, state 101 has two next-states due to the concurrent transitions 


2Note that the case with t; = tz = i, is not possible as either ¢; or tz will not be consistent for state s. 


136 CHAPTER 7. A DESIGN EXAMPLE 


2 Daz 

00 0111 10 
Za 
1 


(ce) Transition map of z 


Daz 
00 0111 10 


(a) Contracted net of x 
(b) State graph of x (d) K-map of z 


Figure 7.7: Steps in the transformation from a contracted net to the logic equation for 
signal z. 


of z_ and Z,_ (Fig. 7.7a). In state 101, the implied value for z is chosen to be 0, as it 
results from the transition z_. Fig. 7.7a shows that regardless of whether logic element z 
is in state 101 or 001, transition z_ will always occur next and the circuit behaves exactly 
the same. The transition map is shown in Fig. 7.7b. The K-map derived from this state 
graph is shown in Fig. 7.7c where the logic equation is found tobe 


z=2Z,D,+2D,. 


This equation has the general form z = $+2R with S = Z,D, and R = D,. Its 
implementation is a set-reset flipflop whose output is z, the set and reset inputs are Z,D, 


and D,, respectively. In order for this implementation to work properly, it is required that 
S.R = 0 at all times. 


Similarly, the same procedure can be applied to other contracted nets to obtain the 
logic equations for L, and D,. They are 

L, 

D, 


D,tZ, 
Z,+L,+ D,z. 


II 


The equation for D, can be rewritten as D, = $+ D,R with S = Z,+L, and R=z, 
and it is implemented as a set-reset flipflop. The contracted net of D, in Fig. 7.5b shows 
that there is a time period during which both Z, and z are high, causing both the set and 
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Figure 7.8: The final circuit realization of the self-timed controller. The controller’s initial 
state is Z. = Z,=L,=L,=r=LB=0,D,=D,=1. 


reset inputs of the D, flipflop to be active. This violates the condition that 5.R = 0 at all 
times. However, it also indicates that output D, is not to be reset until after both Z, and 
L, go low, and therefore, until after the set input goes low. Therefore, this circuit can be 
implemented as a set-dominant flipflop (indicated by S* in Fig. 7.8). One can also choose 
to implement D, directly from the equation given above instead of a set-reset flipflop and 
not to worry about this particular detail. 


Finally, by putting all these elements together, one obtains the control circuit for the 
A/D converter as shown in the dashed box in Fig. 7.8. The self-timed control circuit 
shown is speed-independent, i.e., it operates correctly with any combination of delays 
of logic gates, assuming that the internal feedback delays of the flipflops are negligible 
compared to other loop delays in the control circuit. 


7.3 Summary 


In this chapter, STGs have been used as a specification tool for asynchronous control 
circuits. A STG specification can be viewed as an interpreted Petri net in which each 
transition is identified with a signal transition in a hardware circuit. In the synthesis 
approach proposed, state graphs are generated from a STG and then used to derive logic 
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equations and hardware structures for the signals. In the above specification and design 
example, it has been shown how introducing additional constraints in a STG allows us to 
use level-sensitive hardware circuits instead of transition-sensitive hardware circuits in its 
implementation. These are precisely the persistency constraints which guarantee speed- 


independent (and therefore hazard-free) implementation. 


A STG specification can thus also be viewed as a concise yet more abstract notation for 
specifying a class of state graphs. As specifically illustrated through examples above, most 
of the complex interactions of digital control circuits at the signal level can be lifted to our 
abstract representation using STG notations. At this higher level, one can guarantee live 
and hazard-free operation of control circuits by simply satisfying syntactic conditions on 
STGs. This, perhaps, is the most important point of our graph-based approach. 


The module descriptions used in this chapter require only constructs for specifying 
sequencing and concurrency. There are other behaviors which exhibit conflict and data- 
dependent signal flow that would require additional STG constructs for their specification. 
The formulation and application of these latter constructs are presented in the next chap- 


ter. 


Chapter 8 


Signal Transition Graphs with 
Non-input Choices 


8.1 Introduction 


The Signal Transition Graphs considered so far belong to a class of interpreted free-choice 
nets. By restricting transitions which are in direct-conflict to those of input signals, free- 
choices can be used to specify (nondeterministic) input choices to a control module. Thus, 
in addition to sequential and concurrent operations, these STGs can also specify input 
choices. In practice, however, this ability is only of limited use. More often, one also needs 
to specify control operations involving choices of internal events—the particular choice of 
which control event to execute depends on the state of certain control variables. In this 
chapter, instead of purely free choices, we consider cases in which choices are controlled 
by the state of certain conditions (which hold due to the firing of some signal transition in 
the circuit). This gives rise to the class of nets with controlled-choices. 


There are two alternatives for extending nets to permit the specification of controlled- 
choices, as illustrated in Fig. 8.1. We may choose a structural extension by using nets 
which are structurally more complex than free-choice ones, or we may choose a behavioral 
extension by developing new notations which permit the use of additional conditions to 
further restrict the sets of firing sequences of nets. 


Fig. 8.1a is a free-choice: whenever p is marked with one token, both t; and f are 


enabled and one is nondeterministically chosen to fire. Fig. 8.1¢ is the corresponding 
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(a) free choice (b) controlled choice (ec) input choice (d) non-input choice 
Figure 8.1: Structural and behavioral extension to the FC net model. 


situation for STGs called an input choice, in which ¢, and ¢2 are interpreted as transitions 
of input signals; the decision of which transition to fire is made externally to the system 


and hence appears to be nondeterministic. 


A structural extension to free-choice nets to allow the specification of controlled-choices 
is depicted in Fig. 8.1b. This net specifies a controlled-choice if whenever transition u 
is about to fire (thus marking place p), a token must have already been present at ei- 
ther place p; or pz. Then exactly one of t;,t2 is enabled and the enabled transition will 
fire—nondeterminism never arises in this situation. Fig. 8.1d illustrates the corresponding 
situation in STGs, called non-input choices, i.e., choices involving transitions of internal or 
output signals. In contrast to the input choice in Fig 8.1c where t, and ¢2 are transitions 
of input signals, here they must be transitions of non-input signals. The arc labels a and 
b are logical variables which indicate, respectively, whether places p, and p) are marked at 
the moment p receives a token, For example, we can pick a = (i,1), b = (¢,0) and u, = 14, 
ug =t_. Then a being true means that signal : becomes 1 after transition 74 has fired; a 
being false means that signal 7 ceases to be 1 (due to the firing of i_), etc. 


As will be discussed in more detail, the behaviorally extended net in Fig. 8.1d can serve 


as a correct specification of non-input choices only if the following two conditions are met: 


(i) Only one of the logical variables a and b can become true whenever p is marked. 
(If both can hold simultaneously when p is marked, this controlled-choice becomes a 
free-choice. Thus, free-choice nets can be considered as a special case of controlled- 
choice nets.) 

(ii) Transitions whose firings cause a and 6 to hold are not concurrent with u (in the 
above example, these transitions are u,; and uz, respectively). This condition means 


that whenever p is marked, it is guaranteed that at least one of its output transitions, 
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t, or tg, is enabled. Otherwise, if u,,u2 are allowed to fire concurrently with u, it is 
generally impossible to determine the state of variables a and 6 when p is marked. 
This condition is a fundamental requirement of the proposed behavioral extension; 
further discussion will be given when we present the unfolding algorithm in Chapter 
9. 


Under these provisions, controlled choices can be viewed as additional restrictions on the 
set of firing sequences specified by a FC net. As such, they are a behavioral extension to FC 
nets. The reason for avoiding a structural extension is that to date, an acceptable structure 
theory is available only for the class of free-choice nets. Techniques for structural analysis 
of more complex nets which are useful for our purposes have not been fully developed. 


This chapter describes this extended class of interpreted nets called STGs with non- 
input choices (STG/NCs), their notations and semantics. To distinguish them from STGs 
described in earlier chapters, we call the latter STGs with input choices (STG/ICs). The 
behavior of STG/NCs will also be defined in terms of firing sequence semantics. From 
the behavioral standpoint, a STG defines a set of firing sequences which has an equivalent 
state graph representation. An STG can thus be viewed as an abstract representation of 
a state graph. 


In Section 2 we will consider the underlying idea of specifying non-input choices in 
terms of state graph representations. In particular, we discuss the deficiency of state 
graphs for modeling non-input choices and a simple solution to this problem. This leads 
to a notational extension to the STG model, as described in Section 3. This section also 
describes the syntactic definition of STG/NCs and their firing rule. In Section 4, a design 
example is carried through to informally illustrate the main ideas. This example describes 
the synthesis of a FIFO controller which operates using a two-cycle signaling protocol. One 
unusual feature of this design is that its STG specification contains both concurrency and 
internal choices, in contrast to other synthesis approaches which restrict the specification 
to sequential processes, and thus cannot specify both internal choice and concurrency at 


the same time. 
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8.2 The Basic Idea 


In this section, through a number of illustrative examples, we demonstrate a fundamental 
difficulty in modeling internal choices in the class of finite automata corresponding to state 
graphs. After identifying the cause of this problem, we suggest a solution which necessitates 
the use of a higher level representation for state graphs—this being STGs with non-input 
choices, as described subsequently. 


8.2.1 A fundamental problem with specifying non-input choices 
in state graphs. 


Recall that a state graph @ defined on a set of signals J is given by ® = (S,T, 6,0) where 
S={s:J— {0,1}} and T = J x {+,—}. J and T can be partitioned into input, internal 
and output sets, denoted by subscripts J, N and O, respectively. For convenience, we 
also define non-input sets as the union of internal and output ones, and denote them with 
subscripts NI. 


In ®, suppose that there exists a configuration shown in Fig. 8.2a, with 3;[u)s2, $9[t1)3s[ts), 
$2[t2)84[t4), where u is the only transition enabled in state s,. According to the previous 
definition of enabling and disabling, this situation corresponds to uEt, and uEt, in 31. 
Since t, and ft, are enabled in the same state and t, ¢ Tx(s3), ti ¢ Te(s4), they correspond 
to transitions in direct conflict. (Recall that T(s) denotes the set of transitions which are 
enabled in state s.) 


As argued below, whether t, and t2 are indeed in direct conflict, that depends on 
whether they are transitions of input or non-imput signals. For the sake of argument, let 
us consider the direct conflict in Fig. 8.2a purely as a specification intended for specifying 
a nondeterministic choice in some control module. Due to the fact that in a state graph, 
transitions behave differently depending on their type (input or non-input), whether this 
specification is in fact a choice that will depend on the type of the transitions. For state 
graphs, transitions of input signals are caused by the environment, whereas non-input ones 
are caused by the system itself. The occurrence of the latter is determined solely by the 
internal delays of the system and hence, cannot be known exactly. Below, these cases are 


examined. 
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Figure 8.2: (a) A state graph specification with t, and t, enabled in the same state. (b) If 
t1,t2 # tu then t, and t2 are concurrent. (c) If t; = u@ then t2 is non-persistent. 


If t1, t2 € T; then as discussed in Chapter 5, it is an input choice. Furthermore, t; and tz 
can be assumed to be persistent; their persistency can be guaranteed by the environment. 
On the other hand, if t,, t2 ¢ Ty then the specification of Fig. 8.2a doesnot guarantee that 
t, and ¢2 will be persistent or that they may occur concurrently, as explained below.! 


e ti,t2 4 w: Since uF; in 3; and tz, # t, the occurrence of tz in 32 brings the system 
to 34 in which ¢, must still be enabled: s4[t,). Similarly, since uEt, and t; # w, we 
can also conclude that s3[t2). Hence t,, t2 ¢ T; U {t} = sq[t,)s3[t2) A se[te)s4[t), and 
this means that ¢, and f2 are in fact concurrent (Fig. 8.2b). 


e t; = u or t2 = &@: Suppose that ¢; = @ and t, # wu (the other case with t; # w and 
t2 = u can be treated in a similar fashion). As before, since ut; in 3; and t, # t, ty 
must still be enabled in s4. However, since ut, in 3, but t; = ti, the occurrence of t, 
in 82 brings the system to state s3 in which t, is no longer enabled (Fig. 8.2c). Hence, 
t, disables t2 in s2 thus causing tz to be non-persistent. The obvious implication of 
this is that in the corresponding hardware implementation, an occurrence of tz can 


cause a hazard which may lead to malfunction. 


The above analysis shows that state graphs can only be used to specify input choices. 
If a specification involves non-input transitions enabled in the same state, due to the fact 
that their occurrences are controlled internally, these transitions will occur concurrently 


or produce hazards—neither case is desirable. 


1We do not consider cases with t; € Ty Ate ¢ Ty or tg € Ty At; ¢ Ty because these involve choices 
between input and non-input signal transitions. 
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8.2.2 Specifying non-input choices in state graphs. 


Consider the state in Fig. 8.3a. Since rz and y are enabled in the same state s and they 
are transitions of input signals (input transitions are underlined), they indeed specify an 
input choice. In contrast, t; and t, are enabled in the same state s2, but since they are 
transitions of non-input signals, they may be non-persistent or concurrent, as discussed 
earlier. Hence, this state graph cannot be used to specify a non-input choice as intended. 


Now, suppose that once transition u has occurred and the system has settled in state 


$2, we want the system to perform the following decision: 


e enable transition t; only if x had occurred previously, and 
e enable transition t, only if y had occurred previously. 


It can be seen that for the state graph in Fig. 8.3a, this type of decision is impossible 
because as soon as the system reaches state 31, it looses the knowledge of which of x or y 
had occurred. In order to allow for non-input choices, we must “split” states 3, and 32 into 
pairs {s;,s;} and {3,33}, respectively (Fig. 8.3b). In this state graph, once transition u 
has occurred, the enabling of t, is conditional on the occurrence of z and likewise, that of t, 
on y. Furthermore, by splitting state 32, tj and t2 are no longer enabled in the same state; 
the problem discussed above no longer exists. Thus this simple technique provides not 
only a way for specifying non-input choices but also a nice solution to the above problem. 


As discussed next, the proposed solution gives rise to another problem, thus indicating 
a fundamental deficiency of state graphs in specifying non-input choices. Suppose that 
one is given the state graph in Fig. 8.3b. By noticing that uFt, in sj; and uFt, in s/, one 
may be able to deduce that t, and t2 are possible internal choices after the occurrence of 
u. However, in general, the exact condition which causes a particular choice cannot be 
determined precisely: by inspecting only the state graph, the condition which causes the 
choices of t; may be due to the occurrence of either one of z or ¢;; similarly that t2 may 


be due to either one of y or tg. 


In order to specify the exact conditions for non-input choices, new notations need to be 
introduced, as illustrated in Fig. 8.3d. The output arcs of place p are labeled with control 


variables a and b where, for instance, a = (2,0), 6 = (t,1), 2 =t_ and y = 74. In this case, 
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Figure 8.3: (a) A state graph intended for specifying an internal choice between t, and fp. 
(b) The correct way for specifying interna] choice between t; and t2. (c) The STG for the 
state graph in (a). (d) The STG for the state graph in (b). 


for example, when z fires, a becomes true and t, will be enabled. This STG can be viewed 
as a high-level representation of the state graph in Fig. 8.3b, and can be distinguished 
from the STG without these labeled arcs shown in Fig. 8.3c. 


Before giving a precise syntactic characterization of STGs with non-input choices, the 


following remarks are in order. 


The use of arc labels in STGs allows one to specify non-input choices and the exact 
conditions which control the choices; such a capability is not supported by free-choice 
nets. An immediate implication of this extension is directly related to the hardware 
implementation: in the decomposition stage for logic implementation, signals corre- 
sponding to these conditions must also be included as input to a logic element. For 
example, in Fig. 8.3d signal : must be considered as an input to logic elements j and 
k, where t, = j, and t2 = k,. 

The controlled-choice notation has significant ramifications in our formulation of 
STGs in that it allows us to restrict the number of appearance of every transition 
in T to no more than once in a STG specification, and this is consistent with our 
previous formulation. (Recall from Chapter 2 that this restriction is necessary to 
prevent the confusion between concurrency and nondeterminism in the corresponding 
state graph representation.) 


In comparison with free-choices, controlled choices can be viewed as a further restric- 
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tion on the sets of firing sequences. For example, the set of firing sequences for the 
free-choice case in Fig. 8.3c is {xtsutyts, rtsutgt,, ytgutyts, yteutot,}, whereas that for 
the controlled choices in Fig. 8.3d is restricted to the subset {rtsutits, yteutot,}. 


8.3 STGs with non-input choices 


—6©~8.3.1 Syntax 


A STG with non-input choices (STG/NCs) of a control module with a set of signals J is 
defined as follows. 


Definition 8.1 A STG with non-input choices defined on J is described by Dy = (P,T, F, Mo; ), 


where 


e (P,T, F, Mo) is a LSFC net satisfying the one-token SM restriction, with the addition 
of a fintte set of dummy transitions denoted by €: F C (P x (TUE))U((TUE) x P). 


e The arc labeling function \: F + J x {0,1} ts @ partial function with 
dom(A) = {{z,y) E F| ce PAl«e-|>1A(y € Tyr VE)J}, 


2.€., dom(X) Cc Fn (P x (Tyr U €)). 


The set € = {e1, €2,...,€m} is a finite set of dummy transitions, each member of € is really 


a stlence transition whose purpose will be discussed shortly. 


In the graphical representation of arc labels in J x {0,1}, we use j and j to denote 
{(j,1) and (j,0), respectively. An arc label (j,0) represents a control variable which holds 
whenever signal 7 is equal to 0. 


We further require that for a place p € P such that |p-| > 1, 


e either p- C T; (in which case p is called a free-choice place) 
e or p- C Tyr UE (in which case p is called a controlled-chotce place). 
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Figure 8.4: (a) A STG with non-input choices and (b) abbreviating the dummy transition. 


Thus a STG/NC may contain both free choice and controlled-choice places, while a STG/IC 
may contain only free-choice places. 


The introduction of the dummy transition ¢€ is a mere technicality: in situations involv- 
ing non-input choices (as illustrated in Fig. 8.4a), when p, is marked, if control variable 
a holds then t,, t2, ts occur in sequence; otherwise, if @ holds then only t3 will occur (the 
exact meaning of “hold” will be given shortly). The dummy transition € serves as a place 
holder to avoid too many changes to the syntax of STGs and their firing rule: without it, 
we must extend F' to P x P and change the firing rule accordingly. For convenience we 
will draw an arc directly between two places whenever an e-transition is encountered, as 


done in Fig. 8.4b. Thus, the use of dummy transitions is restricted to the following cases: 


; da € J x {0,1} : A((z,y)) = a and 
Viz,y)e€ Fifye€ th : 
(x,y) wy Se ie 


8.3.2 Firing rule 


The firing rule for STG/NC is exactly the same as for Petri nets, i.e., whenever a transition 
(including the dummy transition €) is enabled, its firing will remove one token from each of 
its input places and one token is added to each of its output places. However, the enabling 
condition for STG/NC is slightly different: 


e For every transition t with no labeled input arcs, t is enabled the usual way: M/[t) 
iff Vp € -t, M(p) > 1. 
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e For every transition t with the input arc labeled with a, e.g. -t = {p} and X(p, t) = a,” 
then M[t) iff (i) Vp € -t, M(p) > 1 and (ii) the condition a holds at M. 


We say that condition a holds at marking M 


e for the case a = (j,0) iff at M, transition j_ has fired and j, has not; 


e for the case a = (j,1) iff at M, transition j, has fired and j_ has not. 


In other words, if s is the binary state corresponding to marking M, then the holding of a 
at s means that s(j) = 0 for the case a = (j,0), and s(j) = 1 for a = (j,1). 


The above rules should provide an adequate recipe for determining the sets of firing 
sequences and their equivalent state graphs from STG/NCs. This is accomplished by 
determining at every marking the enabled transitions and by firing them to reach a new 
marking, and so on. However, in order to use them effectively, we need to enhance the 
analysis power for this type of STGs. Fortunately, a STG/NC can be converted into 
one containing only free-choice places by first unfolding it into an occurrence net and 
then folding it back into a free-choice net. Such procedures constitute the main steps of 
an ezpansion algorithm described in the next chapter. For free-choice nets, the results 
developed earlier in the thesis can be used directly. The presentation of this expansion 
algorithm necessitates the introduction of occurrence nets and processes generated from 
Petri nets, as will be discussed later. Below, we illustrate the use of STG/NCs with 
a design example of a FIFO controller, which uses a two-cycle handshake protocol for 


external communication. 


8.4 An example: a two-cycle FIFO controller 


We discuss an example of a STG specification of a two-cycle FIFO controller. The main 
objective of this example is to show the expressive power of this extended STG model 
and the type of asynchronous circuits that can be synthesized from it. To provide some 
intuition, an informal description of the expansion algorithm mentioned above will follow. 


The synthesis steps to produce the circuit realization will also be outlined. 


?From now on, we write A(z, y) for A((z,y)). 
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The block diagram of the FIFO module is shown in Fig. 8.5a, a timing diagram describ- 
ing its operation in Fig. 8.5b. The FIFO module has three control links, each being a pair 
of request/acknowledge signals. At the input link, R; makes a transition each time new 
input data is available; A; makes a transition each time the data has been used and the 
module is ready to accept new data. At the output link, R, makes a transition whenever 
the module has stored data, and A, makes a transition whenever the succeeding stage has 
accepted the data. Link {Z, D} is connected to a flipflop which simulates the data storing 
operation. Signal L makes a transition to load data into the registers, signal D makes a 
transition when the loading operation is done. For every cycle of operation, the signal L 
serves as a load pulse to control the input gates of register cells. This FIFO cell operates 
in a pipelined fashion by coordinating transitions at the input and output links. In this 
STG specification of the FIFO module, transitions of signals at the input link {J,, [,} can 
occur concurrently with those at the output link {O,, O,}. 


The STG specification for this circuit is shown in Fig. 8.5c, in which the output arcs 
of places p; and ps3 are labeled with variables D and R;, respectively, and there are no 
free-choice places. Formally, the labeling function » is defined by 


(Pi, Ai) = (D, 0) and X(Pi, Ait) = (D, 1) 
\(ps, D4) = (Ri,1) and A(p3, D_) = (R;,0). 


The set {D, R,;} can be used to form the control states which dictate the choice between 


alternate control sequences. 


In the initially marking Mo = {ps, (Ai_, Ri+)}, transition Rj, is enabled. The initial 
state of the system is 39 = 000000, where states are vectors of binary values of signals in 
(R;, A;, L,D,R,,A.). After the firing of R;, and subsequently, L,, place p; is marked. At 
this marking, the condition (R;,1) holds (because R,, has just fired), thus enabling D,. 
After D, has fired, L_ may fire concurrently with the sequence R,,,A,4, marking places 
p; and ps. At this marking, A,, is enabled due to the holding of the condition (D,1). Thus 
one can “execute” the net and expand it into one shown in Fig. 8.5d. In this figure, there 
are two instances of L, denoted by L} and L}, and two instances of L_, likewise denoted. 
The finite automaton derived from this new STG is given in Fig. 8.5e, from which it can be 
seen that there is no state at which both A;, and A;_ (similarly, Dy and D_) are enabled. 
Hence, by using arc labels to perform decisions, we have in effect “split” states which could 


have otherwise involved conflicts between transitions of non-input signals D and Aj. 
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Figure 8.5: (a) The block diagram of the two-cycle FIFO controller, (b) its timing di- 
agram, (c) its STG/NC specification which can be expanded into a STG/IC (d). (e) 
The state graph of the STG/IC in (d). (f) The control-state graph. (g) The final logic 
implementation, with L = DA,R,; + DA,R;. 
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It is useful to construct from Fig. 8.5d a state graph which consists only of control 
variables R;,D. Such a state graph (Fig. 8.5f) is called a control-state graph (CSG) and 
is obtained by performing T’-contraction on the state graph in Fig. 8.5e, where T’ = 
{R;,D} x {+,—}. A CSG contains only control states and it allows one to tell which 
choice is made at free- and controlled-choice places in the STG. 


From the STG in Fig. 8.5d, the synthesis procedure described earlier can be applied 
directly to produce the logic equations and structure of the circuit. The only minor dif- 
ference is that we need also to include the control variable D in the input set of A;, and 
R; in the input set of D. The input sets are given below, from which the structure of the 


logic circuit can be determined. 


I(A;) = {L, D} 
I(L) = {R,;,A.,D} 
I(D) = {L,Ri} 
I(Ro) = {D}. 


The circuit diagram for the FIFO cell is shown in Fig. 8.5g. There are two latches which 
pass the input D to output Q if the gating signal G is active, and hold the output if G is 
inactive. Their logic functions are Q = DG + Q(G + D). The logic function for signal L 
is L = DA,R; + DA,R;. In a practical design, it is intended that the delay of the latch 
whose output is D be used to “time” the latching operation of the data registers for each 
stage of the FIFO. This circuit is completely speed-independent and has no problem with 
hazards, including the type called delay-hazards, under the following assumptions: 


e Logic gates have unbounded delays, wires have no delays. 
e The internal feedback delays of the latches are negligible compared to other loop 
delays. 


Remarks. In the STG/NC (Fig. 8.5c) non-input choices are specified using controlled- 
choice places p, and p3. These illustrate an important underlying mechanism when one 
considers STGs as a high-level representation of state graphs, which is the following: 


e For a free-choice place, e.g. place po with py: = {x,y} C Ty; in Fig. 8.3c, in the 
state graph, there exists a state in which both z and y are enabled (Fig. 8.3a). This 


represents an input chotce. 
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e For a controlled-choice place, e.g. place p, with py- = {A;_,Aj,} in Fig. 8.5c, in 
the state graph (Fig. 8.5e), there exists no states in which both A; and Aj, are 
enabled. Thus a controlled-choice place indicates that its corresponding state in the 
state graph must be split so that each non-input choice is enabled in a different 
state. This is carried out by expanding the net to one shown in Fig. 8.5d, in which 
all non-input choices have been determined and removed by unfolding the original 
net. In the state graph, the states in which A, and A,, are enabled (say s and 3’, 
respectively) are guaranteed to be different because the value of signal D is chosen 
such that it is different in these states: s(D) = 0 and s’(D) = 1. Hence the use of 
arc labels ensures that split states have different binary representations. 


Chapter 9 


The Expansion Algorithm 


In this chapter, we describe an algorithm for converting STGs with non-input choices 
(STG/NCs) into STGs with input choices only (STG/ICs). This algorithm involves un- 
folding a STG/NC into a process and then folding the latter back into a STG/IC—a proce- 
dure called erpansion. The underlying idea of the expansion algorithm can be understood 
by viewing STGs as high-level representations of state graphs. At the end of Chaper 8, we 
have emphasized that for a free-choice place, there exists a state with input choice, and 
for a controlled choice place, there exists a state with non-input choice. By manipulating 
the STGs, one can manage to split states with non-input choices in their corresponding 
state graphs. Specifically, this is carried out in two stages. In the first stage, all states 
with input and non-input choices are split; this is done by unfolding the STG/NC into a 
process. In the second stage, only states which previously involve input choices are merged 
back together; this corresponds to folding the process back into a STG/IC by merging only 
free-choice places. 


This chapter is organized as follows. In Section 1, we describe yet another type of 
primitive nets called occurrence nets, which are commonly used for describing the semantics 
of higher level nets. In particular, the “execution” of live-safe Petri nets basically unfolds 
them into occurrence nets called processes. We will develop a number of useful properties 
for processes of nets and use them to derive some important results for processes of STGs. 
These results are required in the expansion algorithm described in Section 2. In this 
section, algorithms for net unfolding and folding of LSFC nets are given in order to motivate 
the development of the expansion algorithm which converts a STG/NC into a STG/IC. 
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Once a STG/IC is obtained, the synthesis procedure described in earlier chapters can be 
applied directly, as illustrated in an example at the end of Section 2. In Section 3, we 
study properties of STG/NCs, including liveness and the characterization of the temporal 
relation in these nets. Finally, Section 4 summarizes the main ideas and provides some 


remarks concerning our techniques. 


It is important to note that this extension to the theory of Petri nets is a part of 
structure theory and hence, all results are guaranteed to apply only to nets which satisfy 
the one-token SM restriction stated earlier. 


9.1 Occurrence nets and Processes of nets 


In this section, we introduce a type of acyclic net structures called occurrence nets, being 
partial orders whose elements are conditions and events, together with a binary relation 
specifying the precedence relationship between these elements. Occurrence nets can be 
used as semantics for Petri nets: by executing a Petri net, one can unfold it into an 
occurrence net, and each execution produces an occurrence net called a process. 


As argued earlier, for our purpose of using nets for synthesis of control systems, se- 
mantics based on firing sequences are more useful than those based on partial orders. Our 
chief motivation for presenting occurrence nets and processes is to provide a technique for 
net unfolding, which is part of the expansion algorithm described later. 


9.1.1 Occurrence nets 
Consider a type of elementary net structures represented by N = (B, E,H), where 


e B isa set of conditions (similar to places and depicted likewise), 
e E is a set of events (similar to transitions and depicted likewise), 
eHOCExBUBx EF OO is the flow relation, 


subject to the following restrictions: 


e E C dom(H) U range( #) (no isolated events) and 
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e Vb, b, € B: (-by = -b2) A (by = bo-) => b, = be (the net is pure). 


Then N is an occurrence net iff 


e VbEB:|b-|<1A]-b] <1. 
e Vz,y€ BUE: cHty => -(yH*z) where H* denotes the transitive closure of H 


(H+ is irreflexive). 
For N, we also define the sets of boundary elements as follows: 


°N 
N° 


{rt € BUE|-z = 9}, 
{rE BUE|z- = 9}. 


From an occurrence net, one can define a partial order! (X,H+) where X = BUE. 
Ordering and concurrency (unordering) between elements in X can then be defined as 
follows. For every z,y € X, z and y are 


e ordered, denoted as {z,y} € li or cliy, iff (rHty) V (yHtz); 
e concurrent, denoted as {x,y} € co or zcoy, iff ~(rHty) A7(yHtz). 


The notions of chains, ines, antichains and cuts can be defined as follows. 


e1CX isa chain iff Vz,y El: ley; a line is a maximal chain. 


e cC X is an antichain iff Vz,y € c: rcoy; a cut is a maximal antichain. 


Also, b-cuts and e-cuts denote cuts consisting only of elements in B and E, respectively. 
Note that for LSFC nets, we use li and co to denote ordering and concurrency relations; 
these are characterized directly on LSFC nets, in contrast to the above relations which are 


defined on occurrence nets. 


1A partial order is defined here as a set together with an irreflerive and transitive binary relation. 
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9.1.2 Processes of nets 


Informally, a process of a Petri net is an occurrence net obtained by unfolding a Petri 
net into an acyclic structure involving only ordering and concurrency but no conflicts. 
For example, given a Petri net which is a simple cycle pytipot... Patnp, with p, initially 
marked, by unfolding this net one obtains an occurrence net corresponding to a line: 


PitpPote + PatnPitiPata - «+ PatnPa «+ 


where superscripts are used to denote instances of places or transitions. Even though nets 
can generate infinite processes, for all practical purposes, finite processes are adequate. 
Hence unless explicitly stated otherwise, we consider only finite processes. Formally, a 
process of a net is defined as follows [42]. 


Definition 9.1 Let © = (P,T,F,Mo) be a Petri net and N = (B,E,H) an occurrence 
net with °N, N°C B. Then PN = (B,E,H;¢) is a process of 0 tff¢: BUE + PUT 1s 
a surjective function satisfying the following conditions (¢ is extended to ¢: P(BUE) > 
P(P UT) in the obvious way): 


(a) $B) C PAG(E) CT. 

(b) Vee EWE T: d(e)=t > o(-e)=-tAd(e) =t- 
(c) o(°N) € {p € P| Mo(p) = 1}. 

(d) Wr1, 22 € BUE: $(21) = G(a2) ai lize. 


Condition (a) states that the mapping is type preserving: conditions map to places, 
events map to transitions. Condition (b) further states that if an event e maps to a 
transition t, then e’s input (output) conditions map to ¢’s input (output) places. Condition 
(c) requires that °N map to a subeet of initially marked places. Finally, condition (d) states 
that two instances in the occurrence net map to the same element in the Petri net iff they 
are ordered; this is an important point to which we will return shortly. 


Usually, we let E C T x {0,1,2,...}, so that events in E correspond to instances of 
transitions in T. For t € T, its instances in E are denoted by ?°,t!,t?,... and hence 
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Figure 9.1: (a) A LS marked graph and (b) one of its processes. (c) The finite automata 
representation derived from the trace set of (b). 
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o({t°, t', t?,...}) = {t}. Similarly, we let B C P x {0,1,2,...}, so that conditions corre- 
sponding to instances of a place p are denoted by p®, p', p?... and hence ¢({p°, p', p’,...}) = 
{p}. Processes always start and end with b-cuts: °N, N° € B, as shown in Fig. 9.1b. 


The notion of process is closely connected to the execution of live-safe mark graphs. 
In fact, a LS marked graph can be directly unfolded into a process without the omission 
of any transition during unfolding. Fig. 9.1a is a LS marked graph which can be unfolded 
into the process in Fig. 9.1b. This process possesses a certain periodicity: it repeats the 
same behavior whenever it reaches a b-cut which maps to the initially marked places in 
Mo. 


9.1.3 A few results for processes of LSFC nets 


Most of the results developed earlier for LS marked graphs can be applied to processes 
with some slight modification. As remarked at the beginning of this section, a live-safe 
Petri net which is a simple cycle unfolds into a line, as defined earlier. For LSFC nets, we 
define two elements of a net to be ordered iff they belong to a simple cycle. This means 
that in a process generated from a LSFC net, all ordered elements belong to the same line. 
Thus for LSFC nets, the above fact generalizes as follows. 


Lemma 9.2 Let D = (P,T, F, Mo) be a LSFC net satisfying the one-token Sm restriction 
and PN = (B,E,H;¢) a process of D. Then for every x,y € PUT: 


(a) If {x,y} € liUcf then there exists a line in PN to which all instances of x and y, 
zy? € BUE, belong. 


(b) If {x,y} € co then there exists no line in PN to which all instances of x and y, 
zr',yi € BUE, belong. 


Sketch of proof. For part (a), if {x,y} € li then this is a formal statement of the fact that 
a simple cycle unfolds into a line. If {z,y} € cf then z,y must belong to a SM-component 
which is live-safe of &. This SM-component must also unfold into a line in the process PN 
as at any marking, exactly one of its places can be marked and no more than one of its 


transitions is enabled. 
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For part (b), if {x,y} € co then there exists no simple cycle in © to which both z,y 
belong, and there exists a MG-component containing both. It is simple to verify that 
in this case, when the MG-component is unfolded, there cannot be a line containing all 


instances of x and y. | 


From this lemma, we can further deduce that since every z € PUT belongs to the 
same simple cycle with itself, there exists a ine in PN to which all instances of x belong. 
Another consequence of the above lemma is that a p-cut in a net corresponds to a b-cut in 
its process. Since a p-cut represents a set of places which can be marked concurrently and 
hence corresponds to a marking of a net, a b-cut is a record of the holding of a marking 
of the net. Similarly, there is a correspondence between t-cuts and e-cuts; the former 


representing a set of concurrent transitions, the latter a set of concurrent events. 


Chapter 3 has provided a semantics of LSFC nets based on firing sequences. For the case 
of LS marked graphs, their sets of firing sequences can be obtained by weaving the sequences 
derived from a set of simple cycles which cover the nets. This result can be adapted 
directly to occurrence nets to allow the determination of their corresponding trace sets and 
equivalent automata. For example, the trace set of the process in Fig. 9.1b can be obtained 
by first choosing a set of lines which cover the structure, deriving their corresponding 
traces and weaving them. The equivalent automata representation for Fig. 9.1b is given 
in Fig. 9.1c. This idea can be formalized as follows. In an occurrence net N = (B, E, H), 
a set of lines LD = {l,,l,..., ln} covers net N iff V(z,y) € H,(z,y) belongs to some line 
I; in N. For a line 1; = bje1b2¢2.... mbm,” its FA (denoted as F'A;) can easily obtained by 
considering conditions as states and events as transitions between states. Then similar to 
the construction algorithm in Chapter 3, the equivalent FA of a process N (denoted as 
F Ay) is given by 

FAy = FA, || FA; ||..-|| FAn. 


9.1.4 Processes of STGs 


Instead of considering processes generated from LSFC nets, we consider those generated 
from STGs. The main difference is that a process PN = (B,E,H;¢) generated from 
an STG Ly, = (P,T, F, Mo) contains events which map to complementary pairs of signal 


2Note that in a process, every line starts and ends with a condition in B. 
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transitions: Vt € T de;,e; € E such that ¢(e;) = t and ¢(e;) = ¢. As mentioned earlier, 
a b-cut in a process corresponds to a marking of a net. For processes of STGs, such a b- 
cut has a corresponding binary representation s. Similar to the state-assignment function 
defined in Section 4.2, let a : P(B) + S be a mapping from b-cuts to binary states. This 
mapping provides a mechanism for establishing the correspondence between b-cuts in a 


process and binary states in the state graph. This mechanism is required for the following 
two purposes: 


(a) In unfolding a STG/NC into a process, we may reach a b-cut which contains a 
controlled-choice place. At that point, we need to evaluate which control variable 
holds in order to proceed with unfolding the net. This mechanism allows one to 
determine the states of control variables from the process generated thus far. 

(b) In folding a process into a net, we “merge” b-cuts in the process which correspond 
to the same’ binary state. Again, this mechanism permits. one to determine whether 
two b-cuts have the same binary representation. 


Below we consider these two cases. Due to the similarity between processes of nets and 
marked graphs, most of the results developed earlier for marked graphs and STGs can be 
applied to processes of STGs with only a slight modification. In the following, we state 
most of the results without proof and only appeal to their close relation with results for 
STGs. 


The conditions on a process so that its equivalent FA has a consistent state assignment 
(c.s.a. for short) are similar to those for marked graphs. For brevity, in the following, we 
refer to a process or a net satisfying the conditions so that its equivalent FA has a c.s.a. 
simply as a process (or net) with a c.s.a. 


For ¢t € T, let E(t) “feck | ¢(e) = t}, the set of events which map to transition t. 
Then the process PN has ac.s.a. iff Vt € T, there exists a line 1 in PN such that 


(a) every element in E(t) U E(t) belongs to |, and 
(6) elements in E(t) and E(t) alternate in l, i.e., 


either FS(l) [ E(()UE(D=OPOCCE..., 
or FS()) [ EQ) UE) = PLP UPL... 
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It has been shown in Theorem 4.8 that a STG has ac.s.a. iff each of its MG-components 
has ac.s.a. In such a STG, ¢ and ¢ are ordered for any pair of transitions t,t. Thus when 
it is unfolded, all events corresponding to t and ¢ must belong to the same line and they 
must alternate. It follows that ifa STG has ac.s.a. then every process generated from it 
has a c.s.a. Furthermore, according to Theorem 5.2, a STG is live only if it has a c.s.a. 
Hence, if a STG is live then each of its processes has a c.s.a. 


For distinct b-cuts B;,B; in PN, we also define the interval from B; to B; (i <j) as" 
[B;, B;] af {x € BUE|z belongs to a chain from B; to B;}. 


Let s; and 3; be binary states corresponding to B; and B;, respectively, i.e., 3; = a(B;) 
and s; = a(B;). Then in the equivalent FA of the process PN, every path o from 3; to 3; 
contains all events in [B;, B;] and therefore |o| = |E N[B;, B;]|. 


An interval [B;, B;] forms a complementary set iff 


WeeT: |[B,,Bj]N E()| = |[Bi, BN EC). 


The following lemma states that b-cuts B; and B; have the same binary representations 
iff the interval [B,;, B;] forms a complementary set. 


Lemma 9.3 Let Dy be a ive STG and PN a process generated from tt, as defined above. 
Then for every distinct b-cuts B;, B; in PN: 


a(B;) = a(B;) @ [B;,B;] forms a complementary set. 


Proof. If Xz is live, PN must have a c.s.a.. Let 3; = a(B;) and s; = a(B;). If-[B;,B;] 
forms a complementary set then every path o : s,;[7)s; in the state graph of PN must 
contain (i) the same number of events e and @, where ¢(e) = ¢t and ¢(é) = ¢ for some t € T 


and (ii) they must alternate. In this case, it is simple to verify that s; = s;. | 


Let Sy be a live STG and PN a process generated from Ly. Let Bo denote °N, then 
the initial state 39 and Bo are related by 39 = a(Bo). The following lemma shows how to 
determine the binary state corresponding to any b-cut B; in PN. 
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Figure 9.2: (a) At B;, 3;(m) = 1. (b) At B;, s;(m) = 0. (c) At B;, 3;(m) = so(m). 


Lemma 9.4 Let Dy = (P,T,F, Mo) be a live STG defined on the signal set J and PN = 
(B, E,H;¢) a process of Sz. Then for every signal m € J and for every b-cut B; in PN, 


the value of signal m at state s; = a(B;) ts given by 


(a) s;(m) =1 if there exists B; # B; (i <j) such that m, € [B;,B;] A m_ ¢ [Bj, B,). 
(6) s;(m) = 0 if there exists B; # B; (i <j) such that m_ € [B;, B;] A m4 ¢ (Bi, Bj]. 


(c) s;(m) = so(m) otherwise, where 89 = a(Bo), Bo = °N. 


The proof is quite easy; it hinges on the fact that in the process PN of a live STG, for 
every transition t € T the subsets of events E(t) and E(t) belong to a line, and furthermore 
PN has a consistent state assignment. Fig. 9.2 illustrates these cases. Note that in case 
(c), B; = Bo and [Bo, B;] contains neither m, nor m_. This means that signal m has not 
changed since the initial state 39. 
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9.2 The expansion algorithm for STG/NCs 


The expansion of STG/NCs consist of two algorithms: an unfolding and a folding one. 
First, we develop such a pair of algorithms for FC nets; these algorithms are then modified 
into the expansion algorithm for STG/NCs described subsequently. 


9.2.1 Unfolding and folding of free-choice nets 


Processes of live-safe Petri nets can be generated by simply unfolding the nets, resolving 
conflicts along the way. For free-choice nets, unfolding is a simple procedure which is 
intimately related to the MG-reduction algorithm due to Hack, described in Chapters 2 
and 3. As before, for a Petri net (P,T, F’), define an allocation function A: P — T which 
allocates an output transition for every place, i.e. Vp € P: A(p) € p-. Ina free-choice net, 
if a place p has more than one output transition then any one of them can be allocated 
arbitrarily. 


The following net unfolding algorithm unfolds the net iteratively and in each iteration, 
A is determined only for a p-cut corresponding to the last set of conditions of the process 
generated thus far. (In contrast, in the MG-reduction algorithm, A is determined for all 
places in P at once.) In the following, B; is used to denote a set of conditions generated 


during a step of unfolding, and it is not necessarily a b-cut. 


Algorithm 9.5 (Net Unfolding) Let © = (P,T,F, Mo) be a free-choice net and PN = 
(B, E,H;¢) a process of 5. Then PN is constructed by iteratively unfolding I as follows. 


(a) Initialization: Let Po C {p€ P| Mo(p) = 1} such that Pp is a p-cut. 
Leti=0. 
(b) One step of unfolding consists of the following. 
bi. Define B; such that ¢(B;) = P; and |B;| = |P;|. 
b2. Pick the allocation function A(P;) and define 


T; = {te A(P) | (vp t)(3be LU Bj): $(b) = pAb =O}. 


O<sSt 
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b§. Define E; such that ¢(E;) = T; and |E,| = |T;]. 
b4. Define UH; © (Uo<j<i Bj) x Ej such that 
(vbe |) B;|b- =0)(Ve € E;) : (6(b), d(e)) € F + (be) € UH;j. 
O<jsi 
b5. Let Piya = (Tj). Define Bix; such that $(Biz1) = Pig and |Biyi| = |Pi4i|- 
66. Define DH; C E; x Byy; such that (z,y) € DH; = (¢(z), d(y)) € F. 
bY. Let H; =UH;U DH;. 


(c) Lett =i+1. Process PN can be further generated by going back to step (b), otherwise, 
it 13 gtven by 


B= U B, E= U & H= U &;. 


O<j<i O<3<i O<j<i 


It is important to note that step 62 is most crucial in the algorithm, and means that 
for each place p € P; : 


e If |p-| >1 (eg. p- = {t:, t2}) then A(p) is chosen nondetermistically (e.g. A(p) = t2). 
Since p is a free-choice place, t, has no other input places and it can be included in 
T;. 

e If |p-| = 1 (e.g. p- = {t}) then A(p) = ¢. In this case, however, t may have other 
input places (i.e., -t > 1); ¢ is included in T; only if all conditions corresponding to -t 
have already occurred in the process generated thus far. 


An example of net-unfolding applied to a LSFC net (Fig. 9.3a) is shown in Fig. 9.3b. 


Notice that only some of B,’s are b-cuts, some of F;’s are e-cuts. 


Folding of a process of a LSFC net is rather simple and uninteresting; nevertheless, we 
describe it here to motivate the folding operation—similar in spirit—required for STGs 


with non-input choices. 


Let © be a LSFC net and PN a process of 3), obtained by applying the above unfolding 
algorithm. In order for PN to reproduce the original net © when folded, elements of PN 
must map to the set of all elements of L. In other words, the smallest process PN which 
can be folded back into must satisfy 
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(b) 


Figure 9.3: A demonstration of the net unfolding algorithm, as applied to a LSFC net (a) 
to produce a process (b). 
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(i) 6(°N) = (N°) C {p| Mo(p) = 1} and 
(ii) BU E is the minimal set such that ¢(B U LE) = PUT. 


Such a process will be called complete. The following net folding algorithm is applied to 
complete processes of LSFC nets. 


Algorithm 9.6 (Net folding) Let © = (P,T,F, Mo) be a LSFC net and PN = (B,E,H; ¢) 
a complete process of U. Let N = (B, E,H) be the associated occurrence net. Then 


P = ¢(B), 
T = ¢(£), 
F = { (6(2), Oy) | (z,y) € FT }, 
Mo = ¢(°N). 


It is a simple matter to check that by using the above definition, the process in Fig. 9.3b 
can indeed be folded back to the net in Fig. 9.3a. The reason why the folding of such a 
finite process reproduces the original LSFC net should be intuitively clear: when folded 
back, every place will have the same input and output transitions again. Likewise, every 
transition will have the same input and output places again; however, this is trivially true 
because by definition, a process preserves the input and output conditions of all events. 
This folding procedure reproduces the original net provided that the process contains at 
least one instance of every element of the original net. 


We are now ready to discuss the expansion algorithm for producing a STG/IC from a 
STG/NC. 


9.2.2 The Expansion Algorithm 


Similar to the unfolding and folding algorithms developed for LSFC nets above, the ex- 
pansion of STG/NCs also consists of two stages corresponding to unfolding and folding. 
First, we present an unfolding algorithm for STGs with input choices. This algorithm is 
identical to the one for free-choice nets given above (Algorithm 9.5), with the exception 
of step 62. In the previous unfolding algorithm, at every unfolding step, the allocation 
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function A(P;) is determined by randomly picking an output transition for every place 
p € P; with more than one output transitions. For STG/NCs, a process can be generated 
in a similar manner; however, when a place p € P; with labeled output arcs is encountered, 
an output transition is chosen depending on which arc label holds—the choice of which 
output transitions to pick is no longer free but dependent on a condition which can be 
determined from the process generated thus far. Below we will only describe the first part 
of step 62 for the new unfolding algorithm; this part involves the determination of the 
allocation function. 


Algorithm 9.7 (Unfolding of STG/NC) First part of step b2: Choose the allocation 
function A(P;) as follows. 


62.1 If dp € P; such that p has no labeled output arcs then a transition t € p- ts picked 


randomly. 


62.2 Otherwise, if dp € P; such that p- = {t1,t2,...,tn} and XA(p, tm) = Gms 1 S< m<n, 
then A(p) = tm only if a, holds at B,. 


Important remarks. Case 52.1 is the same as one in the previous algorithm. For the 
new case 62.2, we have the following remarks. 


e In order for the choice to be deterministic at B;, it is required that exactly one a, 
holds at B;. Thus in the STG specification, the set {a1,a2,...,a,} must be chosen 
such that every time place p is marked, only one condition in this set can become 
true. On the other hand, if it is possible for more than one of them, say a; and a,, 
to hold at B; then both ¢; and t; are enabled. This situation will lead to problems 


as discussed in Chapter 8, concerning the specification of non-input choices. 


The above requirement ensures that every transition in p- is enabled in a marking 
with a distinct binary representation, as illustrated by the example at the end of 
Chapter 8. 

e As mentioned at the beginning of Chapter 8, for STG/NC, we impose the restriction 
that 


Vpe P,WteT: if A(p,t) =a, then {p,m,} ¢ co, where a, € {(m, 0), (m,1)}. 


That is, p cannot be concurrent with any transition of signal m. 
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If this restriction is satisfied, then in the process PN of the STG, all instances of 
p, m4, and m_ must belong to the same line. Thus by definition, in PN, any cut 
containing an instance of p cannot contain instances of m4, or m_. Therefore, if 
dm, holds at a b-cut B; such that p € ¢(B;), then a, holds at any other b-cut B! 
such that p € ¢(B!N B;). This is the reason why in step b2 above, it is sufficient to 
consider the holding of a,, at only one b-cut (instead of all'b-cuts) containing p. 


Conversely, without this restriction, then to determine whether a,, holds at p, one 
needs to check every b-cut Bj such that p € ¢(B/N B;). But in general, this is 
impossible because the process generated thus far may not contain all such b-cut 
B!. Therefore, this restriction is of fundamental importance; without it a STG/NC 
cannot be unfolded into a process. 


By using the above algorithm, the STG Ly = (P,T, F, Mo; 4) can be iteratively unfolded 
into a process PN = (B, E,H;¢). When the algorithm is stopped, i = n for some positive 
integer n and 

B= |) B E= U &;, H= U Wy. 
O<j<n O<j<n O<j<n 

Similar to the algorithms for free-choice nets, in order for the process generated to 
exhibit all possible behavior of the original STG when folded, we require that it be complete 
and has a consistent state assignment. That is, process PN must satisfy the following 
conditions which together constitute the completeness of processes of STGs. 


Definition 9.8 (Complete Process of a STG) LetXy = (P,T, F, Mo; A) be a STG/NC 
and PN = (B,E,H;¢) a process of Sy. Let N = (B,E,H) be its associated occurrence 
net; Bo = °N and B, = N°. Then PN is a complete process of Xz if the following 


condttions are satisfied: 
(a) ¢(Bo) = (Bn) € {p € P | Mo(p) = 1}. 


(b) BUE is a minimal set such that (BU E) = PUT. 


(c) PN has a consistent state assignment and [Bo, B,] forms a complementary set. 


Note that (a) and (6) are the requirements for processes of free-choice nets to be 
complete, as discussed earlier. The last condition (c) implies that By and B, have the 


same binary representation, i.e., a( Bo) = a(B,). 
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The folding procedure consists of two steps. First, a complete process is folded by 
merging b-cuts By and B, to produce a strongly connected net. Then, free-choice places 
are merged, using the recurstve merge function defined later. Controlled-choice places are 
not merged. The result is a free-choice net which behaves exactly like the original STG/NC; 
however, this new net can be synthesized using the techniques developed earlier. 


Algorithm 9.9 (Folding of STG/NC) Let Sy = (P,T,F,Mo;A) be a STG/NC and 
PN = (B,E,H;¢ran a complete process generated from it using the unfolding algorsthm 
described above. Then PN can be folded back into a net X'; using the following procedure. 


(a) Merge Bo and B,, : Vb € Bo, Vb’ € By such that ¢(b) = $(b') : replace b’ with b in 
B, E, H and ¢. 


(b) Merge free-chotce places: For all b,¥' € B such that $(b) = ¢(') = pe P and pis a 
free-choice place, 
if there exist b-cuts B;,B;,i < j, such that b € B;,b' € B; and [B;,B;] forms a 
complementary set 
then merge(b, b’). 
(c) The expanded net D/, = (P’,T’, F’, Mj) is given by 
P'=B  (¢(P!)=P) 
T’=E  (¢(T’)=T) 


F’=H 
M; = Bo. 


Given the process PN = (B, E,H;¢), the merge function recursively merges elements 
of the process together and update all components B, E, H and ¢ of PN. Input to the 
merge function is a pair of elements (x1, 22) of the same type (conditions or events), they 


are merged into a single element named 7}. 


Function merge(21, £2) 
Replace all x2 with zr; in B, E, H and ¢; 
For every yi, y2 such that }(y1) = O(y2) A (wi = yo" V oy = -Y2): 
mer ge(¥i, y2) 
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Remarks. The above folding algorithm is the same as one for LSFC nets, except that 
only conditions corresponding to free-chotce places are merged together, whereas those 
corresponding to controlled-choice places are not. This algorithm accomplishes the last 
stage of the expansion algorithm. The essential idea of the expansion algorithm is to split 
states with non-input choices. This is carried out in two stages: splitting all states with 
input and non-input choices and then merging states with input choices. The first stage 
corresponds to unfolding the STG/NC into a process; the second folding the process back 
into a STG/IC by merging only free-choice places. 


In this algorithm, conditions in a process are merged only if (i) they map to the same 
free-choice place in the net and (ii) the b-cuts containing them must map to the same binary 
state. Requirement (ii) is unique to processes of STGs and it allows one to determine when 
conditions can be merged together. Specifically, this requirement appears in the following 
steps of the algorithm. 


e In step (a), if PN has ac.s.a. then the binary states corresponding to the b-cuts 
Bo and B,, must be identical: a(Bo) = a(B,). This implies that the state graph is 
strongly connected (and is therefore live). 

e In step (b), if the b-cuts B; and B; are such that [B;, B;] forms a complementary set 
and PN has ac.s.a., then they have the same binary representation: a(B;) = a(B;). 
Hence in the state graph representation of PN, every event enabled in B; will also 
be enabled in B; and vice versa—this is exactly a free-choice situation. Thus, even 
though B; and B; appear to be separate b-cuts in PN, due to the fact that they 
have the same binary representation, they actually map to a p-cut containing the 
same free-choice place. It is important to realize that only by considering the binary 
representation of b-cuts, one can guarantee that they can be merged into free-choice 
places. If two b-cuts map to the same free-choice place but they do not have the 
same binary representation then they cannot be merged. An example illustrating 
these rules will be described next. 


9.2.3 An example 


In this section, we present another example of a control circuit with data-dependent oper- 
ation which is used together with an arbiter to control access to shared resources. This is 
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called a Resource Locking Module (RLM) which communicates externally using the reset- 
signaling protocol. The reason for presenting this example is that its STG specification 
contains both free-choices and controlled choices, thus allowing a demonstration of the 
expansion algorithm just described. In the previous example of the two-cycle FIFO con- 
troller, its STG specification contains only controlled-choices. Hence, when the expansion 
algorithm was applied, no merging was needed; the net was unfolded into a process and 
then simply folded back at b-cuts corresponding to initially marked places. 


Fig. 9.4a shows the block diagram of a circuit in which there are two RLMs connected 
to a two-input arbiter. Each RLM has a set link {S,, S,}, a clear link {C,,C,} connected 
to the external environment, and a lock link {L,,L,} connected to one port of the arbiter. 
When a set-request arrives at S,, the RLM forwards it to L,, awaits for acknowledgement 
on L, and passes it back to S,. This signifies that the arbiter has been locked. When the 
set-request 5, is dropped, the module immediately drops S, in response, leaving L, high 
to lock up the arbiter. From here on, any set-request will be acknowledged immediately 
through S,. In order to unlock the arbiter, instead of a set-request, a clear-request C, is 
sent to the RLM. This will reset LZ, to low, which in turns will cause L, to drop. The 
module responds by raising C,, and when C, is dropped, it will drop C, in return, thus 
completing a clear cycle. A subtle timing requirement for the arbiter is that the input 
request at its other port is disallowed until signal L, has gone low at this port. Such an 
aribter design is described in [10] and contains some subtle difference to that suggested by 
Seitz and also Plummer [40]. 


The STG specifying the operation of the RLM is shown in Fig. 9.4c; the logic imple- 
mentation derived from the STG is shown in Fig. 9.4b. It can be easily verified that this 
circuit works according to the specification. In this STG, po is a free-choice place; p, is 
controlled-choice place with arc labels (L,,0) and (Z,,1). The variables controlling data- | 
dependent operations are S,,C, and L,. The control state graph is shown in Fig. 9.4g, 
where states are values of the vector (5,,C,, Z,). In the initial state 59 of the system, the 
values of all signals in (S,,.5,,C,,C,,L,,L,) are 0: s9 = 000000. 


This STG can be unfolded into a complete process which is a line because the system is 
totally sequential. As indicated in Fig. 9.4d, this line has four instances of place po, denoted 
by po, Po, Pe and p3. For clarity, only these instances of place pp are drawn explicitly, other 
places are omitted from the figure. The line segment between p? and pj corresponds to 
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Figure 9.4: (a) The block diagram of the RLM and its (b) logic implementation. Its STG 
specification (c) is unfolded into a complete process (d), then folded back into the STG in 
(e). (f) The state graph of the STG in (e). (g) The control state graph. 
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traversing the left branch of the net, with (Z,,0) being true. The segment between p}, and 
pa corresponds to the left branch of the net, but with (L,,1) being true. The last segment 
between p? and p32 corresponds to the right branch of the net. 


This process contains instances of every element in the net and hence satisfies the 
completeness conditions described earlier. It is folded to produce the STG/IC shown in 
Fig. 9.4e as follows. 


e Conditions p§ and p? are merged together to form a strongly connected net. 


e Conditions pj and p2 are merged together because [p}, p?] forms a complementary set. 
Then, to complete the folding, events input to pj and p2 corresponding to transitions 
Sa-, Sy- and S,4 are also merged together. 


Fig. 9.4f is the state graph of the STG/IC in Fig. 9.4e. This state graph can be 
decomposed to produce smaller state graphs for non-input signals {5,,C,, Z,}. From the 
STG/NC in Fig. 9.4c, we find 


I(S.)={La, S-} 
I(C,)={La, C,} 
I(L,)={La, S;, Cr}. 


The logic implementation can be carried out by first deriving the contracted state graph for 
every non-input signal directly from the state graph given in Fig. 9.4f and then determining 
its logic equation. The final implementation is given in Fig. 9.4f; its derivation can be easily 
verified. 


9.3. Properties of STG/NCs 


In this section, we examine a number of relevant properties of STGs with non-input 
choices. One of the important issues to be addressed is the behavioral equivalence be- 
tween a STG/NC and its expanded STG/IC; this will be managed by showing that the 
two STGs are equivalent iff they unfold into the same complete process. Another issue is 
the liveness property of STG/NCs; by examining this property we will be able to provide 
some insights into the construction of STG/NCs from initial informal specifications. One 
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last issue is how to characterize the temporal relation in such nets, i.e. how to determine 


whether two transitions are ordered, concurrent or in conflict using previous techniques. 


It will be seen that the key concept used is that of complete processes. As described 
earlier, even though a complete process is acyclic and contains only a typical record of a 
net’s execution, it still can reproduce the total behavior of a net in the form of a state graph. 
Such a state graph is constructed by merging markings with the same state assignment. 
Due to this fact, complete processes of STGs contain more information than conventional 


processes of FC nets. 


In the rest of this section, we will consider a STG/NC Sy = (P,T,F,Mo; A) which 
can be unfolded into a complete process PN = (B, E,H;¢). This complete process can 
then be folded to produce a expanded net D/, = (P’,T"’, F’, M5). Let Ng = (P,T, F) and 
Ny = (P',T', F’) denote the underlying net structures of Dy; and 4, respectively. Then 
by definition, both Ny and Ny are free-choice nets. 


Behavioral equivalence between STG/NC and STG/IC 


Below, we sketch the reasoning for establishing the behavioral equivalence between a 
STG/NC and its expanded STG/IC: when D; is successfully expanded into ©/,, their 
behaviors are equivalent. Two nets are behaviorally equivalent iff they have the same trace 
set or equivalently, the same finite automaton. 


The key point is to show that if two nets are behaviorally equivalent, they must unfold 


into the same complete process. Suppose that 


e XJ can be unfolded into a complete process PN and the latter folded back into the 
expanded net ©. 
e /, can be unfolded into another complete process PN’. 


Then it is easy to see that it is possible to choose a transition sequence of control signals 
such that the unfolding of Ny and Ny yield the same process, i.e. PN and PN’ are 
identical; such a control sequence is recorded in the control state graph (CSG) described 
earlier. Hence, we can conclude that if &; can be expanded into a live-safe net 4, then 


they are behaviorally equivalent. 


9.3. PROPERTIES OF STG/NCS 175 


Liveness of STG/NCs 


Recall that earlier, we defined liveness of STGs in terms of their state graphs: a STG is 
live iff its state graph is strongly connected. For STG/NCs, the same definition can be 
employed. Since the state graph of a STG/NC is obtained through its expanded net, a 
STG/NC is live iff its expanded net is live. The expansion algorithm successfully produces 
a live expanded net if the original STG/NC can be unfolded into a complete process. Thus, 
we have the following result. 


Lemma 9.10 A STG/NC is live iff it can be unfolded into a complete process. 


Hence in order to verify that a STG/NC SZ) is live, one may need to apply the net- 
unfolding algorithm and check if the unfolded process is complete. If so, by folding the 
process, a live expanded net is then obtained. However, often times it is more convenient 
to use a certain necessary liveness condition directly on a STG/NC before unfolding. If 
this necessary condition is not satisfied by the STG/NC then it cannot be unfolded into a 
complete process. We study such a condition through an example below. 


Consider a FC net as shown in Fig. 9.5a. This net is safe but not live because only 
two MG-components resulting from MG-reduction are live-safe, as indicated in Fig. 9.5c. 
Let’s consider a firing sequence which leads to deadlock in Fig. 9.5a: in marking {p, po}, 
transitions t;,t2,t3 and t, are all enabled, if t; and t, are chosen (nondeterministically) 
to fire, then p3 and pg are marked. At this point the net’s operation halts as there is 
no token to enable t; and tg. Suppose now that instead of allowing the choices to be 
nondeterministic, we require that whenever places {p,, po} are marked, the pair {t1, t3} be 
chosen to fire together, and similarly {t2,t,} together. In this case, the net’s operation 
is live and safe. This is one basic motivation behind the use of controlled choices. The 
STG/NC corresponding to this case is shown in Fig. 9.5b: output arcs of places {p,, p2} are 
labeled with (a,0) and (a,1); in addition, transitions t; and tg are interpreted as ts = a_ 
and tg = a4. 


The following lemma states a necessary condition on the underlying net of a STG/NC 


in order for it to be live-safe. 
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Figure 9.5: (a) A non-live FC net and (b) a STG/NC with the same underlying net. 
(c) Two live-safe MG-components. (d) Two live-safe SM-components, one of which is 
expanded into a simple cycle (e). 


Lemma 9.11 Let Sy be a STG/NC and Ny be its underlying free-choice net. Then 
STG/NC is live-safe only if there exists a set of MG-components which cover Ny. 


In a similar fashion, we see that only two SM-components resulting from SM-reduction 
on Fig. 9.5b are live-safe; they are depicted in Fig. 9.5d. Notice that each of these SM- 
components is itself a controlled-choice net. These SM-components can be expanded into 
simple cycles; Fig. 9.5e illustrates the case for the SM-component on the left of the figure. 
Let us consider a necessary condition for this controlled-choice net to be live. Obviously, 
it is live if its expansion yields a simple cycle as just mentioned. This condition in turns 
requires that a, not be ordered with ¢,, and a_ not ordered with t2. For suppose that 
ts = a, in Fig. 9.5d, then a, is ordered with t, and the simple cycle potop, ti p3tspo (where 
ts = a;) will contain an arc labeled with (a,1). In which case, the control variable (a, 1) 
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will always be true, thus restricting the net’s operation in this simple cycle and the other 
branch of the net can never be activated, resulting in non-liveness. Hence, for every 
controlled-choice place p and transition t such that A(p,t) = (a,1) (or (a,0)), the above 


condition requires that there exist no simple cycle containing t and a, (or a_). 


In a STG/NC, we require that for every place p and transition t € p- such that p 
is a controlled-choice place and A(p,t) € {{a,0), (a,1)}, p not be concurrent with any 
transition in {a,,a_}. Also, since ¢ is not allowed to belong to the same simple cycle with 
{a,,a_}, it follows that t and a, must be in conflict in the underlying free-choice net (of 
the STG/NC). 


Construction of STG/NCs 


So far in this chapter, we have discussed the expansion algorithm for converting a STG/NC 
into an expanded net which corresponds to a LSFC net. That discussion assumes that a 
“correct” STG/NC is given. However, the construction of a STG/NC specification is 
generally not an easy task, because such a specification may involve complex interactions 


between choices and concurrency. 


The above illustrative examples provide us with some insights for the construction 
of STG/NCs. As evidenced throughout this chapter, one of the key concepts is that of 
a complete process. Besides specifying all possible concurrent behavior of a system, it 
also contains extra information allowing one to reconstruct the free-choices. Hence in the 
following procedure for STG/NC construction, we start with a process. 


(a) Butld a complete process: Construct an initial process according the concurrent be- 
havior of a system. This process must contain segments representing possible choices 
of actions. The process can then be made complete, possibly by adding extra internal 
transitions. 


(b) Select control variables: The complete process can be folded into a free-choice net, 
and arc labels corresponding to control choices can be added to obtain a STG/NC. 
(c) Check for live-safeness: The necessary conditions for live-safeness for such a STG/NC 
can be verified as follows. The STG/NC is live-safe only if (i) its underlying net is 


free-choice, (ii) there exists a set of live-safe MG-components which cover it, and 
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(iii) control variables are chosen such that every MG-component in this set can be 


activated at some marking reachable from the initial marking. 


Temporal Relation in STG/NC 


Previously, we have provided a syntactic characterization of the temporal relation for LSFC 
nets. However, due to the presence of controlled choices, this characterization does not 
apply directly to STG/NCs. As discussed earlier, the introduction of controlled choices 
into a STG imposes further restrictions on the set of firing sequences of the net. We will 
show that such restrictions only affect the sequential but not the non-sequential behavior 


of the net, and concurrency is preserved. 


Let 5; be a STG/NC and 5’, be its expanded net; their underlying net structures are 
denoted by Ny and Ny. Since all arc labels are not considered in Ny, both Ny and Ny 
are FC nets. Let tr = liUcoUcf and tr’ = li‘Uco’Ucf" be the temporal relations defined 
in Ny and Ny,, respectively. Note that tr is the temporal relation in the underlying FC 
net of Sy; it is not the temporal relation in the STG/NC, which is really given by tr’. In 
the following we study the relationship between tr and tr’. 


We can determine the temporal relation tr’ of the STG/NC Sy from its expanded net 
‘, which is a STG/IC. The underlying net Ny of the expanded net is a FC net and thus 
previous characterizations of the temporal relation apply. 


First, note that a prerequisite for two transitions in the expanded net Ny to be con- 
current is that they are concurrent in Ny. This is because the expanded net is obtained 
by unfolding Ny into a process and then folding the latter into Ny. In a process, all 
conflicts must have been resolved, and concurrency between instances of transitions must 


be preserved. Hence concurrency is preserved: co’ C co. 


The situation with ordering and conflict is slightly more complicated. The example 
given in Fig. 9.5 demonstrates that due to controlled-choices, the number of transitions in 
conflict in a STG/NC (Fig. 9.5b) cannot be more than that in its underlying FC net. In 
the expanded net, a controlled-choice place in a STG/NC is eliminated during unfolding. 
Hence: de’ C de. 


On the other hand, Fig. 9.5e shows that a SM-component of a STG/NC can be 
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expanded into a simple cycle. This implies that: 


(i) Two transitions are in conflict in the expanded net Ny only if they are also in conflict 

in Ny: cf! C cf. 

(ii) On the other hand, if two transitions are ordered in the expanded net Ny, then in 
Ny, they may be either ordered or in conflict: li’ C liU cf. 

(iii) If two transitions are ordered in Ns then in the expanded net Ny they must also be 
ordered: li C li’. 

(iv) If two transitions are in conflict in Ns then in the expanded net Ny they may be 
either ordered or in conflict: cf C cf’ U li’. 


From these facts, we can deduce an equality (vii) as follows: 


(iv) => cf Cli'Ucf’ 

=> liUcf CHUli’Ucf' 
(iii) => lUcf Cli ucf’ (v) 
(Gi) & Gi) => WUef’ChuUcfUcf=liUcf (vi) 
(v) & (vi) => WiUcf'=livef (vii) 


The above results are summarized in the following lemma, which simply states that when 
a FC net is converted into a STG/NC by adding arc labels, both sequentiality and non- 
sequentiality are preserved. 


Lemma 9.12 Let Xy and &', be a STG/NC and its expanded net; Ns and Ny thetr 
respective underlying nets, as defined above. Then 


co’ C co 
li Ucf’ = liUcf. 


The above result ensures that (i) if two transitions are not concurrent in the underlying 
net Ny of a STG/NC, then they will not be concurrent at all, and (ii) if they are ordered 
or in conflict in Ns then they will also be either ordered or in conflict in the expanded net 
Ny:. 


9.4 Summary 


In this chapter, we have presented an algorithm for converting STG specifications with 


non-input choices to ones which contain only input choices. The most crucial underlying 
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concept of STG/NCs and this expansion algorithm is concerned with the behavioral (i.e. 
firing sequence) semantics of nets: STGs are considered as high-level representations of 
state graphs. In particular, the use of controlled-choices can be thought of as a further 
restriction of the trace set derived from a STG. Similarly, the expansion algorithm basically 
manipulates the state graph from a higher level and it performs the splitting of states with 
non-input choices. By requiring that arc labels of a controlled-choice place never hold 
simultaneously at the moment that place is marked, we can guarantee that split states 
have distinct binary representations. 


One important concept in this chapter is that of a complete process. Even though it is 
acyclic, such a process contains enough information concerning the complete behavior of 
the system, so that from it choices between alternate control events can also be deduced. 


One fundamental requirement in order for a STG/NC to unfold into a process is that 
transitions of a control variable not be concurrent with transitions which are output tran- 
sitions of the controlled-choice places. This is a fundamental requirement, because the 
only way to determine the state of a control variable, say j, at a marking (at which a 
controlled-place, say p, is marked) is for the transitions of the variable 7 to be ordered 
with p; otherwise, it is impossible to tell exactly. 


Chapter 10 


Suggestions for further research 


In this short chapter, we suggest areas for further research. Some of the extensions to the 
STG model to be discussed are: 


Development of high-level hardware description languages for the specification of 
self-timed systems. 


e Techniques for composition and decomposition of self-timed control circuits based on 
STGs. 


e Performance evaluation and optimization of control circuits synthesized from STGs. 


e Pragmatic issues concerning the use of STGs in silicon compilation. 


High Level Hardware Description Language 


Even though the design approach based on STGs allows the direct and efficient synthesis 
of control circuits, one of its shortcomings is that STGs are rather low level: A behavior 
specification of a control circuits in terms of STG requires the tedious enumeration of its 
exact behavior at the level of signal transitions—this is especially true for control circuits 
whose operation involves both concurrency and choices, such as the FIFO module described 
in Chapter 8. To alleviate this problem, we need (i) more abstract specifications which can 
be refined iteratively to produce more detailed descriptions and (ii) a design methologoly 
for self-timed systems. A reasonable strategy involves the use of a high level description 
language to serve both purposes. 
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e A high level language provides an abstraction of detailed implementation which can 
be refined subsequently. For instance, at the more abstract level of specification, 
it should be possible to represent parts of a STG as single events; signal transi- 
tions specifying the communication protocol between control modules should also be 
represented as single synchronization events. 


e A high level language can be used to enforce a design style on the use of STGs. In 
particular, the syntax of the language can be used to disallow “bad” constructions. 
For instance, in the CSP-like language proposed by Martin [30], each module is rep- 
resented by a sequential process; parallelism is achieved by having many sequential 
processes commnunicating with each other through synchronization. Obviously, the 
design style imposed by such language is that each module can perform only sequen- 
tial operations; concurrency results from the interconnection of sequential modules 


operating in parallel. 


STGs allow the specification of control modules with inherent parallel operation (such 
as the FIFO module in Chapter 8) as well as those with sequential operation and choices 
(the RLM in Chapter 9). Thus the description language for STGs should not prohibit 
the specification of concurrent operation internal to modules. Our strategy is to iden- 
tify a design approach for STGs and then develop language constructs which allow the 
description of hardware control circuits according to the design approach. Some of the 
possible candidates for our hardware description language include path expressions [1] and 
PADL [29], to name a few. The semantics of path expressions in terms of Petri nets has 
been studied in [6]. On the other hand, PADL is designed expressly for the description of 
packet architectures which are related to data flow graphs. A net semantics can be easily 
developed for a subset of PADL. 


Composition and Decomposition 


The design of a system is unmanageable unless there is a hierarchical approach which 
allows the system to be decomposed into components, each desgined separately and then 
composed together to form the whole system. The important issue here is the correctness of 
such systems when the decomposition and composition steps are taken: how to guarantee 
that the behavior of the original system before decomposition is the same as that of one 
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composed from interconnecting modules, each corresponding to a decomposed part of the 
system. 


The firing sequence (trace) semantics can help: properties of composed and decom- 
posed systems can be reasoned using traces and operations on traces. Many ideas and 
mathematical results developed for CSP can be applied with some modification; these 
include high-level specifications, proof rules, etc. 


This thesis has developed a useful result concerning the equivalence between the be- 
havior of a FC net and the aggregate behavior of a set of contracted nets. This is an 
instance of decomposition and composition of nets. However, it differs from composi- 
tion/decomposition in general in that the former starts out with a net whose live-safeness 
properties are known ahead of time, while in the latter, these properties have to be proven 
for the system composed from modules. 


Performance Evaluation and Optimization 


STGs allow the specification and direct implementation of speed-independent control cir- 
cuits; circuits obtained from STGs are hazard free regardless of changes in the delays of 
logic components. Nevertheless, it is always important to be able to determine the tim- 
ing performance of control circuits so that their critical parts can be optimization when 
needed. 


One can take the simple view of a STG as specifying the timing constraints between 
signal transitions; a constraint such as 1, — j, is implemented as a logic element with 
input 7 and output 7. Thus a time delay d can be associated to the arc i, — j, to represent 
the delay between transitions of signals : and j. This delay can be determined from the 
logic implementation. 


By calculating the delay values and associate them to all causal arcs in a STG, a timed 
model is obtained. Techniques in Timed Petri nets [33] can then be applied directly for 
the purpose of performance analysis and optimization. 


One specific type of optimization is the transformation of a speed-independent imple- 
mentation into one which is only hazard-free. Recall that speed-independence means that 
a circuit is hazard-free for any combination of delays of logic gates. By determining the 
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Figure 10.1: Transforming a speed-independent circuit into a hazard-free circuit. (a) By 
removing synchonization constraints. (b) By resetting modules in parallel. 


bounds on their delays, one can remove some of the causal constraints for synchronation 
from the STGs without affecting the correct operation of the circuit. For example, in the 
STG of Fig. 10.la, the delays of the subgraph G, and G3 can be determined from their 
logic implementation to be d; and d, respectively. If mind, > maxd, then the transition 
y which synchronizes the actions of G; and G, can be removed. Such an optimization 
results in a saving of logic gates and an improvement in speed. 


Another type of optimization is a well-known technique for reducing the total delay 
of an operation cycle using the reset signaling protocol, as illustrated in Fig. 10.1b. Ifa 
number of non-pipelined modules are connected in tandem, the input request to the leftmost 
module must propagate through the all of them before an acknowledge is transmitted back. 
In the reset phase of the signaling protocol, the input request is reset and it is allowed to 
propagate through the modules. The operation is completed when the acknowledge is 
reset by the leftmost module. The operation during the reset phase of the cycle does 
not involve any useful work but only resetting the modules to their previous quiescent 
state. The total delay can be reduced by connected the leftmost input request signal to 
all modules in the chain, so that they can be reset to their initial state in parallel. The 
time required for reseting can thus be reduced to a constant. This technique works well in 
practice even though the circuit can no longer be guaranteed to be speed-independent. In 
CMOS technology, there is a natural way to implement this technique using domsno logic, 
as demonstrated in [10]. 
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Pragmatics 


One of our goals is to use STGs as a formal specification of control circuits in a hard- 
ware architecture for self-timed systems. It is perfectly feusible to build design-aid tools 
for the automatic design of self-timed systems. Some practical issues of concern are the 
specification and design of data paths, and the choice of hasdweare medium for VLSI im- 
plementation. | 


The data-path components of such an hardware architecture can also be specified in 
terms of Petri nets; el Ne RO AEE Dee ES 
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